Overview

overview

10

Static

static

10

JaffaCakes...8b.exe

windows7-x64

10

JaffaCakes...8b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_3ef2035ae2b543a1ee9153de6c52808b

  • Size

    131KB

  • Sample

    250127-m8dftavqhw

  • MD5

    3ef2035ae2b543a1ee9153de6c52808b

  • SHA1

    a1fbed0b629f7501b978c558892644bc3a70dfb8

  • SHA256

    e5367beae3a7f84f9898b48067dad0077028a73016d7088ea0981b07a3692126

  • SHA512

    9fcecc788439b971286435cbe7d34f5808ab192cf4249c3878a855e3bbb4f70a6d5387011178d52383137f9ce1dc8ada182136635a39d7fc53a48ea7eb5b6f9f

  • SSDEEP

    3072:99IGrzfvjtlN9F3v8Xg3GPp8Wbpe/SeI7PKm/HpU0L3eqn3V97hC:999rTvjPvF3v8Q32Q9IT9m0T/n8

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_3ef2035ae2b543a1ee9153de6c52808b

    • Size

      131KB

    • MD5

      3ef2035ae2b543a1ee9153de6c52808b

    • SHA1

      a1fbed0b629f7501b978c558892644bc3a70dfb8

    • SHA256

      e5367beae3a7f84f9898b48067dad0077028a73016d7088ea0981b07a3692126

    • SHA512

      9fcecc788439b971286435cbe7d34f5808ab192cf4249c3878a855e3bbb4f70a6d5387011178d52383137f9ce1dc8ada182136635a39d7fc53a48ea7eb5b6f9f

    • SSDEEP

      3072:99IGrzfvjtlN9F3v8Xg3GPp8Wbpe/SeI7PKm/HpU0L3eqn3V97hC:999rTvjPvF3v8Q32Q9IT9m0T/n8

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks