Overview

overview

10

Static

static

10

JaffaCakes...8b.exe

windows7-x64

3

JaffaCakes...8b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_4755680213007b40e0acbb5892de738b

  • Size

    170KB

  • Sample

    250128-f6lk3syqbk

  • MD5

    4755680213007b40e0acbb5892de738b

  • SHA1

    d822522fe10c1c224dd9e612fedc1ce4a88cc04e

  • SHA256

    5cea6d2af169f4582963691ef9c61713797890be279db7a6ae6acb0138b5e8a9

  • SHA512

    b59ca55c6c62b245cbe9c1716771b33f7ad2796f5bdd746028234878cc3e713e0b71a902504b15bd1a0cf8a393f67ab3238f547ab18ec74d2f2658b2d5188221

  • SSDEEP

    3072:icjYIOetgpJL9i55nLXaq5UI+Md0PU4PU4VLa1hsBwsObC9MVnDP:1jYF4BmM5d08V4pMhswsaSMd

Score
10/10
gh0stratdiscoveryrat

Malware Config

Targets

    • Target

      JaffaCakes118_4755680213007b40e0acbb5892de738b

    • Size

      170KB

    • MD5

      4755680213007b40e0acbb5892de738b

    • SHA1

      d822522fe10c1c224dd9e612fedc1ce4a88cc04e

    • SHA256

      5cea6d2af169f4582963691ef9c61713797890be279db7a6ae6acb0138b5e8a9

    • SHA512

      b59ca55c6c62b245cbe9c1716771b33f7ad2796f5bdd746028234878cc3e713e0b71a902504b15bd1a0cf8a393f67ab3238f547ab18ec74d2f2658b2d5188221

    • SSDEEP

      3072:icjYIOetgpJL9i55nLXaq5UI+Md0PU4PU4VLa1hsBwsObC9MVnDP:1jYF4BmM5d08V4pMhswsaSMd

    Score
    10/10
    discoverygh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks