General
-
Target
JaffaCakes118_4beb2dc6e6ddb5f9c44f65d2ecf15700
-
Size
191KB
-
Sample
250128-rvj4navjgl
-
MD5
4beb2dc6e6ddb5f9c44f65d2ecf15700
-
SHA1
85ca05199f36c0f5918c9de4bf0ff268b6bad95f
-
SHA256
d76db7f6580126a1217c47c5136b113711425e1c5380017c1732d12822c3ac76
-
SHA512
7f9c9d2634f2b891e86e1b1f0ffa8a07f295428248a9a269a91e2c2d16e57056dced9087bd3c37fb3c2be4a4ea4e5447fcc48595315037bc7634e0cb6a68d104
-
SSDEEP
3072:Hnk0q9YAjEFz7cUa8v2KvwSKJJQzL6Ql5OgjPbfvdIC7w8LjEuPqmJpX/YGRg:XeY4EFcU3wVJJsjHBbfvXMUdN/PO
Malware Config
Targets
-
-
Target
JaffaCakes118_4beb2dc6e6ddb5f9c44f65d2ecf15700
-
Size
191KB
-
MD5
4beb2dc6e6ddb5f9c44f65d2ecf15700
-
SHA1
85ca05199f36c0f5918c9de4bf0ff268b6bad95f
-
SHA256
d76db7f6580126a1217c47c5136b113711425e1c5380017c1732d12822c3ac76
-
SHA512
7f9c9d2634f2b891e86e1b1f0ffa8a07f295428248a9a269a91e2c2d16e57056dced9087bd3c37fb3c2be4a4ea4e5447fcc48595315037bc7634e0cb6a68d104
-
SSDEEP
3072:Hnk0q9YAjEFz7cUa8v2KvwSKJJQzL6Ql5OgjPbfvdIC7w8LjEuPqmJpX/YGRg:XeY4EFcU3wVJJsjHBbfvXMUdN/PO
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Server Software Component: Terminal Services DLL
-
Executes dropped EXE
-
Loads dropped DLL
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Drops file in System32 directory
-