General
-
Target
JaffaCakes118_3fc09a37f0c7da1a4d5f0486a115365b
-
Size
150KB
-
Sample
250127-p5t1hayrcy
-
MD5
3fc09a37f0c7da1a4d5f0486a115365b
-
SHA1
b28715eb2931ddc5308a3bb5462e0a1f24282e76
-
SHA256
36b8aa9315afba0c3bce729f0889fb033f01189f05e1a22994445d702ec612c0
-
SHA512
71fde22e3de0f2ad529d5a0345985eeddaab19953087887f0c24819f55aa72ab3cba1755e3120241ceeb87519f063eaeb1a116278f796c4c2acc4b8adf4ca77a
-
SSDEEP
3072:uv5zQKSJs/rWDVV8EcUqgzOc8hdF/7oQkx5YbMHkdv2r:c5MK2orQ7XAgzahdJ3s5YKIvQ
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_3fc09a37f0c7da1a4d5f0486a115365b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_3fc09a37f0c7da1a4d5f0486a115365b.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_3fc09a37f0c7da1a4d5f0486a115365b
-
Size
150KB
-
MD5
3fc09a37f0c7da1a4d5f0486a115365b
-
SHA1
b28715eb2931ddc5308a3bb5462e0a1f24282e76
-
SHA256
36b8aa9315afba0c3bce729f0889fb033f01189f05e1a22994445d702ec612c0
-
SHA512
71fde22e3de0f2ad529d5a0345985eeddaab19953087887f0c24819f55aa72ab3cba1755e3120241ceeb87519f063eaeb1a116278f796c4c2acc4b8adf4ca77a
-
SSDEEP
3072:uv5zQKSJs/rWDVV8EcUqgzOc8hdF/7oQkx5YbMHkdv2r:c5MK2orQ7XAgzahdJ3s5YKIvQ
Score10/10-
Gh0st RAT payload
-
Gh0strat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-