Overview

overview

10

Static

static

3

JaffaCakes...1c.exe

windows7-x64

10

JaffaCakes...1c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_4bb436e366bc63b6086b415a931a7d1c

  • Size

    197KB

  • Sample

    250128-rdpb2s1kcw

  • MD5

    4bb436e366bc63b6086b415a931a7d1c

  • SHA1

    e650151697cabf8a8e97bf1fc413c8e6d1e88478

  • SHA256

    023009a501cb4457ab1262cd0ccf4210e651cb3074895de7c7632bcad801b96c

  • SHA512

    e8b4bafa1cee858dcae8843f77d5b86b2661159d336226a1258312ab72e4759929924005935a45f96670638350fe244045cdefa1f341a6bcafc5b47ee8b47f7f

  • SSDEEP

    6144:gOVLnWFcvFtsFkVRTl0QdTmNPPYhVUeqPT:g8LWF++kV1KIo+pYT

Score
10/10
gh0stratdiscoveryrat

Malware Config

Targets

    • Target

      JaffaCakes118_4bb436e366bc63b6086b415a931a7d1c

    • Size

      197KB

    • MD5

      4bb436e366bc63b6086b415a931a7d1c

    • SHA1

      e650151697cabf8a8e97bf1fc413c8e6d1e88478

    • SHA256

      023009a501cb4457ab1262cd0ccf4210e651cb3074895de7c7632bcad801b96c

    • SHA512

      e8b4bafa1cee858dcae8843f77d5b86b2661159d336226a1258312ab72e4759929924005935a45f96670638350fe244045cdefa1f341a6bcafc5b47ee8b47f7f

    • SSDEEP

      6144:gOVLnWFcvFtsFkVRTl0QdTmNPPYhVUeqPT:g8LWF++kV1KIo+pYT

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks