General

  • Target

    JaffaCakes118_3ec86d0266e990db3a951f239687a6f0

  • Size

    120KB

  • Sample

    250302-jbdtjayrz6

  • MD5

    3ec86d0266e990db3a951f239687a6f0

  • SHA1

    c5c370331a12bf10115eeb17401aad1b95654f85

  • SHA256

    31c67757417a79aca92d2a112d64245b8452080deeb8c96ea37e781d78c750ca

  • SHA512

    9507dab9b169007bfe1afb060a2ded6fae5466469330f875b89cbcf24cc16b87514723cb89e942d7cbe05562b5edaf787dba2d55be8821b91d33f9a8f0237707

  • SSDEEP

    3072:yLk395hYXJePspYCAh7Ap8DLPw3rywS3pWAgZjf0:yQqiHxkGDs+wS3pWAgZ8

Score
10/10

Targets

    • Target

      JaffaCakes118_3ec86d0266e990db3a951f239687a6f0

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
