General

  • Target

    JaffaCakes118_3b54d73444e2626d7e2e6c6c5aba75d6

  • Size

    171KB

  • Sample

    250127-daa4cswrgz

  • MD5

    3b54d73444e2626d7e2e6c6c5aba75d6

  • SHA1

    aac897254e696646ad468c8b68c6d77d63c227ad

  • SHA256

    e0d7a06a466788ac07a82283466ad7d80c6465aefdbc6dc75f776e904465a08e

  • SHA512

    d5ecff03f496e7dba4c08d9f6d2136ea8ed01dfa2ce19c703732a02221e1b14ff0db72ecc6e79f9dee0aad87c5c43169728e4afd112d2e47ac49a9320dca3827

  • SSDEEP

    3072:WJuGnYhTbK80khbORf9xHwm1PXBmXZFeA28pM6EdePl9dehiv80P80Cnp8d69Z:WJueTk1OrdwaWB28edeP/deUv80P80AK

Malware Config

Targets

    • Target

      JaffaCakes118_3b54d73444e2626d7e2e6c6c5aba75d6

    • Size

      171KB

    • MD5

      3b54d73444e2626d7e2e6c6c5aba75d6

    • SHA1

      aac897254e696646ad468c8b68c6d77d63c227ad

    • SHA256

      e0d7a06a466788ac07a82283466ad7d80c6465aefdbc6dc75f776e904465a08e

    • SHA512

      d5ecff03f496e7dba4c08d9f6d2136ea8ed01dfa2ce19c703732a02221e1b14ff0db72ecc6e79f9dee0aad87c5c43169728e4afd112d2e47ac49a9320dca3827

    • SSDEEP

      3072:WJuGnYhTbK80khbORf9xHwm1PXBmXZFeA28pM6EdePl9dehiv80P80Cnp8d69Z:WJueTk1OrdwaWB28edeP/deUv80P80AK

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese threat groups.

    • Gh0strat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a registry key to the Active Setup of the local machine (ATT&CK T1547.014). Component keys live under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID}; the StubPath value of each component is executed once per user the next time that user logs on, so an implant registered here runs for every account on the host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
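The Active Setup persistence and the dropped-file signatures above are the two behaviours a responder would want to check on a host suspected of running this sample. The following PowerShell triage script is an added example, not the sandbox's detection logic and not anything taken from this sample: it enumerates every Active Setup component in both hives, reports which ones have not yet executed for the current user (no HKCU counterpart or a different Version), and flags StubPath targets that are not Authenticode-signed or that live outside the assumed trusted directories. The trusted-directory list and the "unsigned or pending" heuristic are assumptions to tune; a dropped file in System32 is caught by the signature check rather than the path check.

```powershell
# Added example: triage Active Setup components for suspicious or still-pending StubPath entries.
# Written for this page; assumptions: trusted directory prefixes below, and that an unsigned
# StubPath target or a component pending execution for this user merits review.

$machineRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
$userRoot = 'HKCU:\SOFTWARE\Microsoft\Active Setup\Installed Components'

# Assumed allow-list of directories Microsoft's own StubPath commands normally live in.
$trustedPrefixes = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")

function Get-ActiveSetupFindings {
    foreach ($root in $machineRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            $stub  = $props.StubPath
            if ([string]::IsNullOrWhiteSpace($stub)) { continue }   # nothing to execute at logon

            # IsInstalled = 0 disables the component; any other value, or no value, leaves it active.
            if ($props.PSObject.Properties['IsInstalled'] -and $props.IsInstalled -eq 0) { continue }

            # Explorer records the Version under HKCU once a user has run the component;
            # a missing or different Version means StubPath will run again at next logon.
            $userKey     = Join-Path -Path $userRoot -ChildPath $key.PSChildName
            $userVersion = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).Version
            $pending     = (-not $userVersion) -or ($userVersion -ne $props.Version)

            # Extract the executable from the command line: quoted path or first token.
            $exe = if ($stub -match '^\s*"([^"]+)"') { $Matches[1] } else { ($stub -split '\s+')[0] }
            $expanded = [Environment]::ExpandEnvironmentVariables($exe)

            $inTrusted = $false
            foreach ($prefix in $trustedPrefixes) {
                if ($expanded.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
            }

            # A dropped binary in System32 passes the path check, so also verify the Authenticode signature.
            $exists = Test-Path -LiteralPath $expanded -PathType Leaf
            $sigStatus = if ($exists) { (Get-AuthenticodeSignature -FilePath $expanded).Status } else { 'FileMissing' }

            [pscustomobject]@{
                Component  = $key.PSChildName
                Hive       = $root
                StubPath   = $stub
                Version    = $props.Version
                PendingRun = $pending
                Untrusted  = -not $inTrusted
                Signature  = $sigStatus
            }
        }
    }
}

# Report anything pending for this user, outside trusted directories, or not validly signed.
Get-ActiveSetupFindings |
    Where-Object { $_.PendingRun -or $_.Untrusted -or $_.Signature -ne 'Valid' } |
    Sort-Object Untrusted, PendingRun -Descending |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell on the suspect host; legitimate Microsoft components (Internet Explorer, Themes, and similar) will appear as PendingRun on a freshly created profile, so the Signature and Untrusted columns are what separate an implant's StubPath from normal noise. Pair any hit with the dropped-EXE and dropped-DLL paths from the sandbox report before removing the key.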

MITRE ATT&CK Enterprise v15

Tasks