General
-
Target
JaffaCakes118_3da2cf420147e2a68f5ac0458ed65f8e
-
Size
373KB
-
Sample
250127-j6he7s1jfk
-
MD5
3da2cf420147e2a68f5ac0458ed65f8e
-
SHA1
8f20c31c4572a8927983b94ba334e2db9216a0c1
-
SHA256
12d543f6a5c8d36a324ef1c7892b45f5a3971c6543805b3d0cfab7886f4a7320
-
SHA512
7b9e5dd37b0c6280674b7f48cee8d51fd416947c614480daeff585f2b65ffcabc6461acb437b97c6e5657242fe9cd27972db91a000f3bdf9d769e05e498736b5
-
SSDEEP
6144:zSY9h4EyALXWoPYL3AjqP3ZJZZnNcwawE+3V1accsgF7M1EoI01kxbwK0SNjk5Dp:zSoS5ASoAMeZxnNvKiV4cJS72EXOSZkn
Malware Config
Targets
-
-
Target
JaffaCakes118_3da2cf420147e2a68f5ac0458ed65f8e
-
Size
373KB
-
MD5
3da2cf420147e2a68f5ac0458ed65f8e
-
SHA1
8f20c31c4572a8927983b94ba334e2db9216a0c1
-
SHA256
12d543f6a5c8d36a324ef1c7892b45f5a3971c6543805b3d0cfab7886f4a7320
-
SHA512
7b9e5dd37b0c6280674b7f48cee8d51fd416947c614480daeff585f2b65ffcabc6461acb437b97c6e5657242fe9cd27972db91a000f3bdf9d769e05e498736b5
-
SSDEEP
6144:zSY9h4EyALXWoPYL3AjqP3ZJZZnNcwawE+3V1accsgF7M1EoI01kxbwK0SNjk5Dp:zSoS5ASoAMeZxnNvKiV4cJS72EXOSZkn
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-