General

  • Target

    JaffaCakes118_422ba312b995b8d000f797b8c7bb0cbc

  • Size

    159KB

  • Sample

    250127-wba4vszqdl

  • MD5

    422ba312b995b8d000f797b8c7bb0cbc

  • SHA1

    79c787b3b0443f18ebd8ee4c9809663a7f9741ce

  • SHA256

    dba9cbfd3c5dd8595d50c64583b295289673a664b908aab6da35b7adc5b818ad

  • SHA512

    20a4f1d21b3da2b4448a89bdd337c16a915bf0ea162a6a33ef265ceea1113ec9ac44508f2723a0c07d8bd91569d56017d186b5765695d2e2fcdd75364f56d4bd

  • SSDEEP

    3072:PP5Cbz70dZlVfp9O0moWOQJdpgMxsdSyg4TvtcMk8Lyzb8ckivlu5K7iCbmc:PPHVB9ONoWOQHpl2GkGMkSgb8Svlu5Kb

Malware Config

Targets

    • Target

      JaffaCakes118_422ba312b995b8d000f797b8c7bb0cbc

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks