General

  • Target

    JaffaCakes118_45fd681eaf9789b7a074a014a1a48b01

  • Size

    96KB

  • Sample

    250128-c1r9wstrbz

  • MD5

    45fd681eaf9789b7a074a014a1a48b01

  • SHA1

    04f411ced4b1b89d195ceec7a5a29405c9c20115

  • SHA256

    63c6e42f1be316c70d5e1b0887adb5ee2c9bffc3f48487ed21f8a170b20b1874

  • SHA512

    de1a4b73af1e1befac7e9e0647660dd4b8495c4cd7350c63e187d8db3f47e688e6ffc83cd8e09f19b85094008444513de73ea5cd498314035ddc7e81f6dbeea2

  • SSDEEP

    1536:TbFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prliXc20YA:TVS4jHS8q/3nTzePCwNUh4E9lMc2fA

Targets

    • Target

      JaffaCakes118_45fd681eaf9789b7a074a014a1a48b01

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
