Overview

overview

10

Static

static

10

JaffaCakes...20.exe

windows7-x64

10

JaffaCakes...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_45d9218a010768f378b5437dd96a5420

  • Size

    110KB

  • Sample

    250303-jzx73ssvdy

  • MD5

    45d9218a010768f378b5437dd96a5420

  • SHA1

    4a60964d97ed786913a2f43dbbfbdb24a0311380

  • SHA256

    6b357ea4c19a7d32d89bc4725b26d15bddabaa1be03aa7ebefc81e12374258b5

  • SHA512

    322f56104fe6966e92e3931bff6c932c87b04ea531719bac95745ded11f09949a6b0846cd9cba7099bebe87d513b15aab7375eb3d059a5b8e290a58555723f32

  • SSDEEP

    3072:MwMRjDIFSyBnuG+zw01RTn6MDwMFBAKlg9uYwbh7yHpq5N:b8jDKSyBuG6w01cpG6rjwbRyHpQ

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_45d9218a010768f378b5437dd96a5420

    • Size

      110KB

    • MD5

      45d9218a010768f378b5437dd96a5420

    • SHA1

      4a60964d97ed786913a2f43dbbfbdb24a0311380

    • SHA256

      6b357ea4c19a7d32d89bc4725b26d15bddabaa1be03aa7ebefc81e12374258b5

    • SHA512

      322f56104fe6966e92e3931bff6c932c87b04ea531719bac95745ded11f09949a6b0846cd9cba7099bebe87d513b15aab7375eb3d059a5b8e290a58555723f32

    • SSDEEP

      3072:MwMRjDIFSyBnuG+zw01RTn6MDwMFBAKlg9uYwbh7yHpq5N:b8jDKSyBuG6w01cpG6rjwbRyHpQ

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks