General

  • Target

    82ab14f89ba01cf38b7f588468ef6189_JaffaCakes118

  • Size

    710KB

  • Sample

    241031-l1tbmaxmhn

  • MD5

    82ab14f89ba01cf38b7f588468ef6189

  • SHA1

    4009f76d61a987f5b2ed5e1d8a4930d801090536

  • SHA256

    639ef1dfa48a857512e83ebfc0f77764874013a5e1b353862aad18b6b955337b

  • SHA512

    4b2162762eb2fa9741a1c6bc0e20ea11f197f3f93b6faa9f86552c7a0ee2d43381d212c644fdf5f510fd8d5ff1e3a61c3b6e55b7e4f59d8887164ab5f8be71ea

  • SSDEEP

    12288:BUIZVQQxfnr+TK7r79/JCtWCtCsbzm/6M5xVHANUTNrQ:BzVQQxfnr+TK7r79/JC/t3bi6M5xpQ

Targets

    • Target

      82ab14f89ba01cf38b7f588468ef6189_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Executes dropped EXE

    • Adds Run key to start application
