General
-
Target
JaffaCakes118_517868cb2954b4e6a133593e6b342475
-
Size
184KB
-
Sample
250129-cb9gwaxlc1
-
MD5
517868cb2954b4e6a133593e6b342475
-
SHA1
d97b6a8892ba534f6195c0b14b38c76f946a64aa
-
SHA256
77e73256d33f6cf6f1a714068fdd1d7883921761d8587ec93f7db3a42cd4e442
-
SHA512
e475e490493cf20b42c42498a21158abc9cc61f311fbbdf8dd8c772fb1e3e2c0cd71a0c8d617f79b3a888e4376fae84c13dc91f3c72ef73108656aaa32f63c36
-
SSDEEP
3072:yffBs6W722mjGNmsO02wjZ1MDET5mDWRlb6BT9LjtEcUHEspJGTBtINhxO5+:QfBs6W07sO02wj/Rho+5EGGTL4hxO5
Malware Config
Targets
-
-
Target
JaffaCakes118_517868cb2954b4e6a133593e6b342475
-
Size
184KB
-
MD5
517868cb2954b4e6a133593e6b342475
-
SHA1
d97b6a8892ba534f6195c0b14b38c76f946a64aa
-
SHA256
77e73256d33f6cf6f1a714068fdd1d7883921761d8587ec93f7db3a42cd4e442
-
SHA512
e475e490493cf20b42c42498a21158abc9cc61f311fbbdf8dd8c772fb1e3e2c0cd71a0c8d617f79b3a888e4376fae84c13dc91f3c72ef73108656aaa32f63c36
-
SSDEEP
3072:yffBs6W722mjGNmsO02wjZ1MDET5mDWRlb6BT9LjtEcUHEspJGTBtINhxO5+:QfBs6W07sO02wj/Rho+5EGGTL4hxO5
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Server Software Component: Terminal Services DLL
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-