Overview

overview

10

Static

static

3

826c4d8653...18.exe

windows7-x64

10

826c4d8653...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    826c4d86531418cca11fd164773523f5_JaffaCakes118

  • Size

    154KB

  • Sample

    241031-j6vqjavbpe

  • MD5

    826c4d86531418cca11fd164773523f5

  • SHA1

    c170116f252c66e024dfb344558c646be6ef4c28

  • SHA256

    b32ce1531038d6b392e33559c2aa94a85e5e61f28250b345b975ba7ffd8d5b42

  • SHA512

    8a392b2bd1d01b107498407b4d29cbd718bde6c73b53cad4f5f11351ee9a784f7ad64683d79246d4f46b5940a6221bec12286c931fb18a65f4fd09f12b90ed21

  • SSDEEP

    3072:z1Diqfc//////eFIea2wTBILNmJ2NdmM42nj/+sWaPVFsNY0a/LZClX:zgsc//////eFtTNmOoMZRWiTZClX

Score
10/10
gh0strataspackv2discoverypersistencerat

Malware Config

Targets

    • Target

      826c4d86531418cca11fd164773523f5_JaffaCakes118

    • Size

      154KB

    • MD5

      826c4d86531418cca11fd164773523f5

    • SHA1

      c170116f252c66e024dfb344558c646be6ef4c28

    • SHA256

      b32ce1531038d6b392e33559c2aa94a85e5e61f28250b345b975ba7ffd8d5b42

    • SHA512

      8a392b2bd1d01b107498407b4d29cbd718bde6c73b53cad4f5f11351ee9a784f7ad64683d79246d4f46b5940a6221bec12286c931fb18a65f4fd09f12b90ed21

    • SSDEEP

      3072:z1Diqfc//////eFIea2wTBILNmJ2NdmM42nj/+sWaPVFsNY0a/LZClX:zgsc//////eFtTNmOoMZRWiTZClX

    Score
    10/10
    gh0strataspackv2discoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks