General

  • Target

    821b3009a88f0b2da8645e0f4304f6ab_JaffaCakes118

  • Size

    160KB

  • Sample

    241031-hlsvrstqbk

  • MD5

    821b3009a88f0b2da8645e0f4304f6ab

  • SHA1

    fc17044f8a71470d4cd61c4edb9aa3f1bb617e53

  • SHA256

    9f87c3aaf968b58415b5e794a849ea813785a0868ffcb12b14e45df2d3803c49

  • SHA512

    d3330b82ea4f90acd7d486ed3ba2d19c2887b08df2162f035beba57080b741fb59d016a3193eecb6faed38f000cc52f225bde9ca464089a47f0ef89877c8a662

  • SSDEEP

    3072:MLNgGaPdgermWP2U8udJSl7BHlomNTAejk:EgGYdi+quT0BHWwe

Malware Config

Targets

    • Target

      821b3009a88f0b2da8645e0f4304f6ab_JaffaCakes118

    • Size

      160KB

    • MD5

      821b3009a88f0b2da8645e0f4304f6ab

    • SHA1

      fc17044f8a71470d4cd61c4edb9aa3f1bb617e53

    • SHA256

      9f87c3aaf968b58415b5e794a849ea813785a0868ffcb12b14e45df2d3803c49

    • SHA512

      d3330b82ea4f90acd7d486ed3ba2d19c2887b08df2162f035beba57080b741fb59d016a3193eecb6faed38f000cc52f225bde9ca464089a47f0ef89877c8a662

    • SSDEEP

      3072:MLNgGaPdgermWP2U8udJSl7BHlomNTAejk:EgGYdi+quT0BHWwe

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks