General
-
Target
JaffaCakes118_463c02aeef9b48b276ac6900eacb113a
-
Size
229KB
-
Sample
250128-djtl3avrcn
-
MD5
463c02aeef9b48b276ac6900eacb113a
-
SHA1
51cc1ea108b100d6dd9905afcdf16b985956b440
-
SHA256
d2439e91350d1e304a0b8355fe5ca3fb5bfada2dfe1ef21b7e9685dd5ca7d84b
-
SHA512
17bd9cd62b2ee36573f5f4da51259673b624accbeb3781732d1039d4774b4514f1e5159412a607369a6aaaea70076ed81ac46665a0c18772c0a9d78aec352cae
-
SSDEEP
6144:sevT6WnB3CVDvPM2jgd0Xg9wFaEIVUpo/spMEhGIizhCyJl:lb6ytQDvPM2jgWywUKo/YMVYyJl
Malware Config
Targets
-
-
Target
JaffaCakes118_463c02aeef9b48b276ac6900eacb113a
-
Size
229KB
-
MD5
463c02aeef9b48b276ac6900eacb113a
-
SHA1
51cc1ea108b100d6dd9905afcdf16b985956b440
-
SHA256
d2439e91350d1e304a0b8355fe5ca3fb5bfada2dfe1ef21b7e9685dd5ca7d84b
-
SHA512
17bd9cd62b2ee36573f5f4da51259673b624accbeb3781732d1039d4774b4514f1e5159412a607369a6aaaea70076ed81ac46665a0c18772c0a9d78aec352cae
-
SSDEEP
6144:sevT6WnB3CVDvPM2jgd0Xg9wFaEIVUpo/spMEhGIizhCyJl:lb6ytQDvPM2jgWywUKo/YMVYyJl
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Server Software Component: Terminal Services DLL
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-