Overview

overview

10

Static

static

10

JaffaCakes...16.exe

windows7-x64

10

JaffaCakes...16.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_54cb5a87217060c68247c8126baf1716

  • Size

    121KB

  • Sample

    250129-kfcygasmht

  • MD5

    54cb5a87217060c68247c8126baf1716

  • SHA1

    b951fff281a71ddceb9c8d9e8259c6755b444dd9

  • SHA256

    7916bc3da53236edb952565d17992a0f0c7dce9768ce3f34da20305e2cec22e0

  • SHA512

    8347aeafe2f24eab9de4a88ee286485021049b9ebd0e13683b21423cbcc84d12aeda9ec6fe3e0ea0d42dabe047a61be4c115451947509aa4498b8f574e01c070

  • SSDEEP

    3072:AuHc+BZ8zr6pdTHogka9dZZpgci7sOf/LlCnAUJv6Pkb:AEc+L8zr0RHogtJ+9/xGJv1

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_54cb5a87217060c68247c8126baf1716

    • Size

      121KB

    • MD5

      54cb5a87217060c68247c8126baf1716

    • SHA1

      b951fff281a71ddceb9c8d9e8259c6755b444dd9

    • SHA256

      7916bc3da53236edb952565d17992a0f0c7dce9768ce3f34da20305e2cec22e0

    • SHA512

      8347aeafe2f24eab9de4a88ee286485021049b9ebd0e13683b21423cbcc84d12aeda9ec6fe3e0ea0d42dabe047a61be4c115451947509aa4498b8f574e01c070

    • SSDEEP

      3072:AuHc+BZ8zr6pdTHogka9dZZpgci7sOf/LlCnAUJv6Pkb:AEc+L8zr0RHogtJ+9/xGJv1

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks