General
-
Target
JaffaCakes118_4a594d051aeb91f95a12f8bd91305dfd
-
Size
53KB
-
Sample
250304-b1vjksvzby
-
MD5
4a594d051aeb91f95a12f8bd91305dfd
-
SHA1
fbf022fca56421403f58bede296242508ed0a27f
-
SHA256
f38e756ee7bb2908a9c44d39d8923caa311aeaa3d1919aadf26a742a5e8f4387
-
SHA512
64c5ee288d21496d84efc42228a57d5930fb6b953cea31997184befb4fe2304bb6b4e0c172406059b264dc323526ad8f2d8e75ec69bdf0a3aead1d8c432d1471
-
SSDEEP
1536:wpBYo6/+4FZTL/FqJlZy9eqAOvCxTNHWEA:wD62yVQy9eIIT1A
Malware Config
Targets
-
-
Target
JaffaCakes118_4a594d051aeb91f95a12f8bd91305dfd
-
Size
53KB
-
MD5
4a594d051aeb91f95a12f8bd91305dfd
-
SHA1
fbf022fca56421403f58bede296242508ed0a27f
-
SHA256
f38e756ee7bb2908a9c44d39d8923caa311aeaa3d1919aadf26a742a5e8f4387
-
SHA512
64c5ee288d21496d84efc42228a57d5930fb6b953cea31997184befb4fe2304bb6b4e0c172406059b264dc323526ad8f2d8e75ec69bdf0a3aead1d8c432d1471
-
SSDEEP
1536:wpBYo6/+4FZTL/FqJlZy9eqAOvCxTNHWEA:wD62yVQy9eIIT1A
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Server Software Component: Terminal Services DLL
-
Deletes itself
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-