General
-
Target
JaffaCakes118_3d59037120950ff07b799968bdaa0b2e
-
Size
127KB
-
Sample
250127-jg8k4axrcx
-
MD5
3d59037120950ff07b799968bdaa0b2e
-
SHA1
329e24bf7498735f36716dc68ea18346e7473d09
-
SHA256
d9042ca1df3de9146643642c994990088875d16387aa627a445b2a6bcba6c8d3
-
SHA512
2140529800150c60d2c9c68ff26d35b0816c1953332194f3d1911803f0f2a811630de401ec6e5187624813bc812a35a0636d96bf0c1722ee1dfedbf983d76051
-
SSDEEP
3072:YNRc4ShP4nOAe9gcNOQXbXTCeUd7Aflo1MslsJ2:YNK4SwsgmjTdy7Afe1Ms6
Malware Config
Targets
-
-
Target
JaffaCakes118_3d59037120950ff07b799968bdaa0b2e
-
Size
127KB
-
MD5
3d59037120950ff07b799968bdaa0b2e
-
SHA1
329e24bf7498735f36716dc68ea18346e7473d09
-
SHA256
d9042ca1df3de9146643642c994990088875d16387aa627a445b2a6bcba6c8d3
-
SHA512
2140529800150c60d2c9c68ff26d35b0816c1953332194f3d1911803f0f2a811630de401ec6e5187624813bc812a35a0636d96bf0c1722ee1dfedbf983d76051
-
SSDEEP
3072:YNRc4ShP4nOAe9gcNOQXbXTCeUd7Aflo1MslsJ2:YNK4SwsgmjTdy7Afe1Ms6
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Deletes itself
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-