Overview

overview

10

Static

static

10

JaffaCakes...9b.exe

windows7-x64

10

JaffaCakes...9b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_48ff1f34624be03994d53739effb899b

  • Size

    408KB

  • Sample

    250303-zac4lsyjs9

  • MD5

    48ff1f34624be03994d53739effb899b

  • SHA1

    ff752f79fada4cca75f093dbd44ff159fda8b6d7

  • SHA256

    39b7c893c02c7992c24e03a7016b812a74b7b5dc9af31b6c509a638a05e4cba5

  • SHA512

    1ab92a7ab24d00a5f467f64e53725db1c5f5321c6e45581aed43485050ecb7fad8acd93fbec84203d1fea2a0b59a7f138e944983efc03170dd47be749403d674

  • SSDEEP

    6144:wiTti+B0bL7ttI5gp3CBEy4G7v4G7AWFta4G7AWFy8w:/PB0bdtYgNULJAVAv/

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_48ff1f34624be03994d53739effb899b

    • Size

      408KB

    • MD5

      48ff1f34624be03994d53739effb899b

    • SHA1

      ff752f79fada4cca75f093dbd44ff159fda8b6d7

    • SHA256

      39b7c893c02c7992c24e03a7016b812a74b7b5dc9af31b6c509a638a05e4cba5

    • SHA512

      1ab92a7ab24d00a5f467f64e53725db1c5f5321c6e45581aed43485050ecb7fad8acd93fbec84203d1fea2a0b59a7f138e944983efc03170dd47be749403d674

    • SSDEEP

      6144:wiTti+B0bL7ttI5gp3CBEy4G7v4G7AWFta4G7AWFy8w:/PB0bdtYgNULJAVAv/

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks