General

  • Target

    JaffaCakes118_45d9487af7ac4ba9fcb15de1db73d973

  • Size

    95KB

  • Sample

    250128-cp5e3strfm

  • MD5

    45d9487af7ac4ba9fcb15de1db73d973

  • SHA1

    68643d11a7701c1776a7da12caf4f16b87fa6c20

  • SHA256

    120a4e441684050ef1bd2fa4d131b5846e76c35a880e1215012c5328066583f1

  • SHA512

    3610c5a4638472147ccb9844849889e929cd3b8c1fa844e0382cd583fd4606c3d085cb818af9e21da3bb43ebed34f6db3a547cd64631597e880c2807feaadb52

  • SSDEEP

    1536:GNFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prgq5AubkI:GzS4jHS8q/3nTzePCwNUh4E9z52I

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
