Overview

overview

10

Static

static

3

JaffaCakes...6a.exe

windows7-x64

10

JaffaCakes...6a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_43d8278ed94d8c32f296730477847d6a

  • Size

    183KB

  • Sample

    250127-1ay7hswla1

  • MD5

    43d8278ed94d8c32f296730477847d6a

  • SHA1

    334dc92b3e2d979cc08557efa6d01ddaae4ca952

  • SHA256

    4efce1d51ff9fa4375c784627f4bd508bc7ba77dc2d1e05569c9943402a158d5

  • SHA512

    f5a1c92d3fe87912d72692afb8413e8c1b6e6557a347341ce0e19d88810d7a644ea84d420569c2abeb6ab7f7814f51ce4e86b15ab6c37eca4d9db730a9eeaa52

  • SSDEEP

    3072:bMqKbTtCSIT0chwzzcdZKF8UvvoeWofjjpAVioRF8s//NLj6h+EvtRN:o9MMmwzlqUHoeWofjjpAViY/lH6h+EvN

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_43d8278ed94d8c32f296730477847d6a

    • Size

      183KB

    • MD5

      43d8278ed94d8c32f296730477847d6a

    • SHA1

      334dc92b3e2d979cc08557efa6d01ddaae4ca952

    • SHA256

      4efce1d51ff9fa4375c784627f4bd508bc7ba77dc2d1e05569c9943402a158d5

    • SHA512

      f5a1c92d3fe87912d72692afb8413e8c1b6e6557a347341ce0e19d88810d7a644ea84d420569c2abeb6ab7f7814f51ce4e86b15ab6c37eca4d9db730a9eeaa52

    • SSDEEP

      3072:bMqKbTtCSIT0chwzzcdZKF8UvvoeWofjjpAVioRF8s//NLj6h+EvtRN:o9MMmwzlqUHoeWofjjpAViY/lH6h+EvN

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks