Overview

overview

10

Static

static

10

JaffaCakes...e0.exe

windows7-x64

10

JaffaCakes...e0.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_4bedf89fe9c8d86ee516380a372baee0

  • Size

    204KB

  • Sample

    250304-h2azwstvhv

  • MD5

    4bedf89fe9c8d86ee516380a372baee0

  • SHA1

    695404f21d8f7f2a3a496aba73aa83ff68c2d2b8

  • SHA256

    89f12255d1435fc152cb06b01c7200c936c702da94c987deae2e49d8af467d31

  • SHA512

    036e79e30ce02ccb4d7218288dbf4a72027e432db941a1de36c39d3240f93d62962807efdcae862051e6d7bfb45b744c29859ccdf0a4325712c651de2dcc381b

  • SSDEEP

    3072:MqVYtrjsN9NhlcOweT4WWDQ8AKwirAHVd8R9ttsHXu:JKtnsN9NvcKDWEEwyyX8R9kXu

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_4bedf89fe9c8d86ee516380a372baee0

    • Size

      204KB

    • MD5

      4bedf89fe9c8d86ee516380a372baee0

    • SHA1

      695404f21d8f7f2a3a496aba73aa83ff68c2d2b8

    • SHA256

      89f12255d1435fc152cb06b01c7200c936c702da94c987deae2e49d8af467d31

    • SHA512

      036e79e30ce02ccb4d7218288dbf4a72027e432db941a1de36c39d3240f93d62962807efdcae862051e6d7bfb45b744c29859ccdf0a4325712c651de2dcc381b

    • SSDEEP

      3072:MqVYtrjsN9NhlcOweT4WWDQ8AKwirAHVd8R9ttsHXu:JKtnsN9NvcKDWEEwyyX8R9kXu

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks