Overview

overview

10

Static

static

10

JaffaCakes...29.exe

windows7-x64

10

JaffaCakes...29.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_43bf4ae0cb3e739749d7e0767b703829

  • Size

    38KB

  • Sample

    250127-z2sy5swmgj

  • MD5

    43bf4ae0cb3e739749d7e0767b703829

  • SHA1

    36a9e6d0cc45c7f80a7e8f1ca6d0ced384a050e2

  • SHA256

    8f7c40cac9366d5c195c56b235f995cbdf284bccc834bd7b0cc8c93398704c90

  • SHA512

    53b510acd94b86100ca4487e69405d67a6de048d5b03239c161430ce4f6c917310b20801f734955c70535f1dd822b359e60387b36879dd3e029c816fbbd36d57

  • SSDEEP

    768:b8mB/VGShQBFKovz7JtHzyGrx/UcWC2//uD/A:TB/IShZqz7JtHzyIx/U9/u/A

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_43bf4ae0cb3e739749d7e0767b703829

    • Size

      38KB

    • MD5

      43bf4ae0cb3e739749d7e0767b703829

    • SHA1

      36a9e6d0cc45c7f80a7e8f1ca6d0ced384a050e2

    • SHA256

      8f7c40cac9366d5c195c56b235f995cbdf284bccc834bd7b0cc8c93398704c90

    • SHA512

      53b510acd94b86100ca4487e69405d67a6de048d5b03239c161430ce4f6c917310b20801f734955c70535f1dd822b359e60387b36879dd3e029c816fbbd36d57

    • SSDEEP

      768:b8mB/VGShQBFKovz7JtHzyGrx/UcWC2//uD/A:TB/IShZqz7JtHzyIx/U9/u/A

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Blocklisted process makes network request

    • Server Software Component: Terminal Services DLL

      persistence

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks