Overview

overview

10

Static

static

10

JaffaCakes...9c.exe

windows7-x64

10

JaffaCakes...9c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_3fd1041f162c9128a5ff121a6ebc779c

  • Size

    115KB

  • Sample

    250127-p9y51szrbn

  • MD5

    3fd1041f162c9128a5ff121a6ebc779c

  • SHA1

    d4fb09d97cd3192d9439777f6512272fcb39085e

  • SHA256

    f30d0ea6ac0a5ce7bc44a249de90e39e077b759bb020d66f4d1d8d057cf9cda5

  • SHA512

    6515fd0bffc915ac9c2c0f853df807eec2e41f141aad71a140e480cb0a11ee6218579d32e8d329fda3d38f30e486c9ae8ca037443f9e9b18fe6371309cb7637b

  • SSDEEP

    3072:Ww/ka7H89k0RILjhcDxCQ1s9bjaEBUJn/I2GA6t1KkHp:DMaGk0RILjso/93aVJnA2GJb

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_3fd1041f162c9128a5ff121a6ebc779c

    • Size

      115KB

    • MD5

      3fd1041f162c9128a5ff121a6ebc779c

    • SHA1

      d4fb09d97cd3192d9439777f6512272fcb39085e

    • SHA256

      f30d0ea6ac0a5ce7bc44a249de90e39e077b759bb020d66f4d1d8d057cf9cda5

    • SHA512

      6515fd0bffc915ac9c2c0f853df807eec2e41f141aad71a140e480cb0a11ee6218579d32e8d329fda3d38f30e486c9ae8ca037443f9e9b18fe6371309cb7637b

    • SSDEEP

      3072:Ww/ka7H89k0RILjhcDxCQ1s9bjaEBUJn/I2GA6t1KkHp:DMaGk0RILjso/93aVJnA2GJb

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks