General
Target: JaffaCakes118_4296aeaa8a4e7f78e0c47c39b87d8910
Size: 119KB
Sample: 250127-xedjts1mfy
MD5: 4296aeaa8a4e7f78e0c47c39b87d8910
SHA1: 0f232392acf5088124d90545a53ad703a41ff746
SHA256: cdb9e5de54c73e2d93ceade5cf79fb58d4a124fe940259a2d5642771f343ae59
SHA512: 1d37b67ec532301d24f27525d50c82a9797a9ada83ab33f9b4660b4297c3d0f7223cc1112f292b8de69017e9d14986973ac1d9ab35a6dd97a95ae9df100aa1a2
SSDEEP: 3072:mLk395hYXJh3ZUoghL84P+m4HWwHVaJHKOLp6AYqUB:mQqzZUoghVQ29aAAB

Static task: static1

Behavioral task: behavioral1
Sample: JaffaCakes118_4296aeaa8a4e7f78e0c47c39b87d8910.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: JaffaCakes118_4296aeaa8a4e7f78e0c47c39b87d8910.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: perser.exe
Resource: win7-20240729-en

Malware Config

Targets

Target: JaffaCakes118_4296aeaa8a4e7f78e0c47c39b87d8910
Gh0st RAT payload
Gh0strat family
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL

Target: perser.exe
Size: 94KB
MD5: ecd70f7731330a6a277772830ad53592
SHA1: fcaaf6f0848bde746040bb6b4cf87f5668edf487
SHA256: e1fb4f907fae8ca2ff75ec3cd1ccdddb51a29226fac3963202a9ed28979e105d
SHA512: c9741b95725555d37ba271fbb28e8a6144e298fe9b8562fbe4df13fef61f96dafb6dfab714e82a80d28333eaa6466c43db7a73d5ab7780db4e289be6ca32bb72
SSDEEP: 1536:4FQkQsiZkoa2BhmUB4I+yuDg1uUO2mntP2qZNKHuNMaSJETxmIGykRZhcMePL:4FQkQhZkOLfuDg0PtOqzKONqsEykRLSD
Gh0st RAT payload
Gh0strat family