Overview

overview

10

Static

static

10

JaffaCakes...22.exe

windows7-x64

10

JaffaCakes...22.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_48690b4ff7bf12c85b0ebdb4ac979f22

  • Size

    142KB

  • Sample

    250128-jewhra1rgw

  • MD5

    48690b4ff7bf12c85b0ebdb4ac979f22

  • SHA1

    99082d66f6532458b23670b2a86de093e489bed5

  • SHA256

    0d2b25eaf2d9794fa21b4d61d6ceae3357d57ced31456e8d8f43f6faf0fb6014

  • SHA512

    7749a0284a1c27f23e3470c68a67a191551d06e01d8eb9866f46952740f0d5514d9159d7f0a4e801cf0089c687197c253952a8c175cc3b9e1b19a3bb3d2d0348

  • SSDEEP

    3072:0CjbCCzKxkRMLiVUdx/j9dyDt+WDjNM7YKQo0iq/k/5F98:0CjmCOxkRlVmj9wFMsy0iqMW

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_48690b4ff7bf12c85b0ebdb4ac979f22

    • Size

      142KB

    • MD5

      48690b4ff7bf12c85b0ebdb4ac979f22

    • SHA1

      99082d66f6532458b23670b2a86de093e489bed5

    • SHA256

      0d2b25eaf2d9794fa21b4d61d6ceae3357d57ced31456e8d8f43f6faf0fb6014

    • SHA512

      7749a0284a1c27f23e3470c68a67a191551d06e01d8eb9866f46952740f0d5514d9159d7f0a4e801cf0089c687197c253952a8c175cc3b9e1b19a3bb3d2d0348

    • SSDEEP

      3072:0CjbCCzKxkRMLiVUdx/j9dyDt+WDjNM7YKQo0iq/k/5F98:0CjmCOxkRlVmj9wFMsy0iqMW

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks