General

  • Target

    JaffaCakes118_449f46a89b69413481670d6139f113a4

  • Size

    197KB

  • Sample

    250127-3c23aszkgk

  • MD5

    449f46a89b69413481670d6139f113a4

  • SHA1

    c18b6bfdc25cdb96485e01fe7c4001b95c636714

  • SHA256

    12611f1a00199c0c42390a3aa760633cddf25de3b691e8f1c3050f3d525e1f71

  • SHA512

    e972ba878a6d6cca45eab01ca1fb7bc6b0acb8809f36588c29cc5ce3c1af4ebface23020772a800628bba766ae0a4ba9cc02f1da65df069c55df2ff31f20b371

  • SSDEEP

    6144:oOVLnWFcOFtsFkVRTl0QdTmNPPYhLUgP4:o8LWFd+kV1KIo+74

Score
10/10

Targets

    • Target

      JaffaCakes118_449f46a89b69413481670d6139f113a4

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
