General

  • Target

    JaffaCakes118_574bdfdff36ef931fbc19f3a53776034

  • Size

    127KB

  • Sample

    250129-qkpqqayqcz

  • MD5

    574bdfdff36ef931fbc19f3a53776034

  • SHA1

    c10f6bc157f513108e713340b2d8d7923ba9ca50

  • SHA256

    b22c86b73dc32c8a0b08d2329d2c80c7ac57e55671753457c70bb2acbf6d6d32

  • SHA512

    b531092f19a09bc5cc20d5cc6db7e3cfb057cc8036911e3086f436fb30e2cc463ac16731ddf89d0fe1dd6ea9da38b4519d142e39d5c7d6492854ecebe6520bdb

  • SSDEEP

    3072:Z7aVnnvIStWq73hGUmv06+W5/RahJ1jOkVt:Z7aVnnvIStWqz8UmMi5ZAJ1j3

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Blocklisted process makes network request

    • Server Software Component: Terminal Services DLL

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks
