General
-
Target
b13fe187599c73c25149a7a8299a5970_JaffaCakes118
-
Size
272KB
-
Sample
241129-ppsshazngn
-
MD5
b13fe187599c73c25149a7a8299a5970
-
SHA1
24023ed2f1fcdd4f210dd7e7f5a70ddc6a67b334
-
SHA256
2e8f66626118c4fd3f427d44786856a51bcfc6c9b1e347269a0ad846e08e9e73
-
SHA512
66ee3047b534dc528f84b7ad48da73d4fe70ea76575d3f6461ffcf7502cf792ac960ab7d074cced3575d575e3f80efb7a8bf10b79b9d6f25836ecc7d51615966
-
SSDEEP
6144:ougeknopsZL02vIMQIp0+TTyYKAKMsHleE8wUVsBi:ougeknoyOA9VYHHCwas
Malware Config
Targets
-
-
Target
b13fe187599c73c25149a7a8299a5970_JaffaCakes118
-
Size
272KB
-
MD5
b13fe187599c73c25149a7a8299a5970
-
SHA1
24023ed2f1fcdd4f210dd7e7f5a70ddc6a67b334
-
SHA256
2e8f66626118c4fd3f427d44786856a51bcfc6c9b1e347269a0ad846e08e9e73
-
SHA512
66ee3047b534dc528f84b7ad48da73d4fe70ea76575d3f6461ffcf7502cf792ac960ab7d074cced3575d575e3f80efb7a8bf10b79b9d6f25836ecc7d51615966
-
SSDEEP
6144:ougeknopsZL02vIMQIp0+TTyYKAKMsHleE8wUVsBi:ougeknoyOA9VYHHCwas
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-