General

  • Target

    JaffaCakes118_4296aeaa8a4e7f78e0c47c39b87d8910

  • Size

    119KB

  • Sample

    250127-xedjts1mfy

  • MD5

    4296aeaa8a4e7f78e0c47c39b87d8910

  • SHA1

    0f232392acf5088124d90545a53ad703a41ff746

  • SHA256

    cdb9e5de54c73e2d93ceade5cf79fb58d4a124fe940259a2d5642771f343ae59

  • SHA512

    1d37b67ec532301d24f27525d50c82a9797a9ada83ab33f9b4660b4297c3d0f7223cc1112f292b8de69017e9d14986973ac1d9ab35a6dd97a95ae9df100aa1a2

  • SSDEEP

    3072:mLk395hYXJh3ZUoghL84P+m4HWwHVaJHKOLp6AYqUB:mQqzZUoghVQ29aAAB

Malware Config

Targets

    • Target

      JaffaCakes118_4296aeaa8a4e7f78e0c47c39b87d8910

    • Size

      119KB

    • MD5

      4296aeaa8a4e7f78e0c47c39b87d8910

    • SHA1

      0f232392acf5088124d90545a53ad703a41ff746

    • SHA256

      cdb9e5de54c73e2d93ceade5cf79fb58d4a124fe940259a2d5642771f343ae59

    • SHA512

      1d37b67ec532301d24f27525d50c82a9797a9ada83ab33f9b4660b4297c3d0f7223cc1112f292b8de69017e9d14986973ac1d9ab35a6dd97a95ae9df100aa1a2

    • SSDEEP

      3072:mLk395hYXJh3ZUoghL84P+m4HWwHVaJHKOLp6AYqUB:mQqzZUoghVQ29aAAB

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Target

      perser.exe

    • Size

      94KB

    • MD5

      ecd70f7731330a6a277772830ad53592

    • SHA1

      fcaaf6f0848bde746040bb6b4cf87f5668edf487

    • SHA256

      e1fb4f907fae8ca2ff75ec3cd1ccdddb51a29226fac3963202a9ed28979e105d

    • SHA512

      c9741b95725555d37ba271fbb28e8a6144e298fe9b8562fbe4df13fef61f96dafb6dfab714e82a80d28333eaa6466c43db7a73d5ab7780db4e289be6ca32bb72

    • SSDEEP

      1536:4FQkQsiZkoa2BhmUB4I+yuDg1uUO2mntP2qZNKHuNMaSJETxmIGykRZhcMePL:4FQkQhZkOLfuDg0PtOqzKONqsEykRLSD

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.
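The two checks a triager does first with a report like this are to confirm a file on disk is one of the listed samples (by hash) and to see whether it carries UPX's tell-tale section names before unpacking. The script below is an added example written for this page, not code from the sandbox or from either sample: it looks up a file's SHA-256 in the two hashes published above and walks the PE section table looking for UPX section names. `build_pe` constructs a minimal, non-executable PE image purely so the example runs offline; the section-name set and the sample image are assumptions, not artifacts recovered from the samples.

```python
import hashlib
import struct

# SHA-256 values published on this report page, keyed to the file names it lists.
KNOWN_SHA256 = {
    "cdb9e5de54c73e2d93ceade5cf79fb58d4a124fe940259a2d5642771f343ae59":
        "JaffaCakes118_4296aeaa8a4e7f78e0c47c39b87d8910",
    "e1fb4f907fae8ca2ff75ec3cd1ccdddb51a29226fac3963202a9ed28979e105d":
        "perser.exe",
}

# Section names stock UPX writes. A modified UPX may rename them, so a miss here
# is not proof the file is unpacked; treat this as a first-pass triage signal.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def file_hashes(data: bytes) -> dict:
    """Return the four hash digests the report lists (ssdeep needs a third-party lib)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_known(data: bytes):
    """Return the report file name whose SHA-256 matches `data`, or None."""
    return KNOWN_SHA256.get(file_hashes(data)["sha256"])


def pe_section_names(data: bytes) -> list:
    """Parse the DOS header, PE signature and COFF header to reach the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size           # section headers follow the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_pe(section_names) -> bytes:
    """Constructed, non-runnable PE32 image used only as sample input for this example."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew -> PE signature
    opt_size = 0xE0                                             # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


PACKED_SAMPLE = build_pe([b"UPX0", b"UPX1", b".rsrc"])   # constructed stand-in for a UPX'd file
PLAIN_SAMPLE = build_pe([b".text", b".rdata", b".data"])  # constructed stand-in for an unpacked file

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, pe_section_names(blob), "upx:", looks_upx_packed(blob),
              "known sample:", match_known(blob))
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `match_known` and `looks_upx_packed`; a hit on a listed SHA-256 confirms you are holding the sample the report describes, while the section check only tells you whether stock UPX left its markers.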
