General

  • Target

    JaffaCakes118_4cc864f606390d06fec82486754341ae

  • Size

    192KB

  • Sample

    250304-mf2myax1aw

  • MD5

    4cc864f606390d06fec82486754341ae

  • SHA1

    93d2758444a6eda0936b9137d880117cc564604c

  • SHA256

    3e8cc60745e9f927533721ebe6cb480b69c884656154a3b73758920d7a01275b

  • SHA512

    2d910268876fce6a7ec0a2cadfe2ddcfdbe380949a5d0146db28d59159e07b9f2bf17b074f19c707aa2dcc578fc6a977862eedcf854a13b1a2fc81a96bcca16f

  • SSDEEP

    3072:OQk3DH+bK+snWjvUJFMKkj8aPBHA40qcVWhUXYvpSVxoTVrbMzYiw/mEFVc:OQkTH+bpsnWjvEkrPadqc6UIvK6jtm

Score
10/10

Targets

    • Target

      JaffaCakes118_4cc864f606390d06fec82486754341ae

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Loads dropped DLL

    • Drops file in System32 directory
