General
-
Target
JaffaCakes118_451d6cde30a0963f38d16117aba86394
-
Size
98KB
-
Sample
250128-ayxqgs1pfk
-
MD5
451d6cde30a0963f38d16117aba86394
-
SHA1
a744be3accd0ecc894e6a742ee0b7198e6648250
-
SHA256
41b37b95dae9f283f6e9cb9cecd3f02389445666a81c658f0b9ed8588e32ba29
-
SHA512
795bff70c205c0b9ad1e52b589f17de529dcf6cbe300bd0e81364f0dfcfd5800e055ad7fe8cf61cf9a4d494592eaef16879252c6250eecc878a1035cb4df3387
-
SSDEEP
1536:QYFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prZP9mTVtZuga:QKS4jHS8q/3nTzePCwNUh4E9OZK
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_451d6cde30a0963f38d16117aba86394.exe
Resource
win7-20240708-en
Malware Config
Targets
-
-
Target
JaffaCakes118_451d6cde30a0963f38d16117aba86394
-
Score
10/10
-
Gh0st RAT payload
-
Gh0strat family
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-