Overview

overview

10

Static

static

10

JaffaCakes...e1.exe

windows7-x64

10

JaffaCakes...e1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_52fd6fb393c2d8c85ab76b27559ee1e1

  • Size

    852KB

  • Sample

    250129-fnwcka1qat

  • MD5

    52fd6fb393c2d8c85ab76b27559ee1e1

  • SHA1

    117c10966ca4f770dc0d0059286d7a4a6f3cc7bb

  • SHA256

    65670ddbd1d893929df544ff3497a79e870b2d7fc383e9341b61589b80206422

  • SHA512

    7c2093cca6f64961c6810a68368188cffdd49e4bd9b2e6ca91f37b70622537c9ef3c6322ff75200e65bce85ab3cef231663cbcd6f48b0cf49483b0797881d7fc

  • SSDEEP

    12288:eM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmTnu:eM5j8Z3aKHx5r+TuxX+IwffFTnu

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_52fd6fb393c2d8c85ab76b27559ee1e1

    • Size

      852KB

    • MD5

      52fd6fb393c2d8c85ab76b27559ee1e1

    • SHA1

      117c10966ca4f770dc0d0059286d7a4a6f3cc7bb

    • SHA256

      65670ddbd1d893929df544ff3497a79e870b2d7fc383e9341b61589b80206422

    • SHA512

      7c2093cca6f64961c6810a68368188cffdd49e4bd9b2e6ca91f37b70622537c9ef3c6322ff75200e65bce85ab3cef231663cbcd6f48b0cf49483b0797881d7fc

    • SSDEEP

      12288:eM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmTnu:eM5j8Z3aKHx5r+TuxX+IwffFTnu

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks