Overview

overview

10

Static

static

10

JaffaCakes...61.exe

windows7-x64

10

JaffaCakes...61.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_4d56220bb83c525c8257f244f5b31a61

  • Size

    159KB

  • Sample

    250304-pmjrtazxat

  • MD5

    4d56220bb83c525c8257f244f5b31a61

  • SHA1

    19d0b84bda6daf852822a26aded4584e14c51f32

  • SHA256

    49fbaa03db6ad3ba7f3399f70ce73cb2c7d34f9ea5cbdab332aec0adb0225ec6

  • SHA512

    a1d2a8bd54b586e9729337fc1cc50c4c99a67264668cce0bb4a42971ac95c7141796c85baa465db0da9daea6ac9a273b682ae61084d8fe21adba764973d37bf9

  • SSDEEP

    3072:5JuGnYhTbK80khbOff9xHwm1PXBmXZFeA28pM6EdePl9dehiv80P80Cnp8d6Z7IC:5JueTk1OddwaWB28edeP/deUv80P80AZ

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_4d56220bb83c525c8257f244f5b31a61

    • Size

      159KB

    • MD5

      4d56220bb83c525c8257f244f5b31a61

    • SHA1

      19d0b84bda6daf852822a26aded4584e14c51f32

    • SHA256

      49fbaa03db6ad3ba7f3399f70ce73cb2c7d34f9ea5cbdab332aec0adb0225ec6

    • SHA512

      a1d2a8bd54b586e9729337fc1cc50c4c99a67264668cce0bb4a42971ac95c7141796c85baa465db0da9daea6ac9a273b682ae61084d8fe21adba764973d37bf9

    • SSDEEP

      3072:5JuGnYhTbK80khbOff9xHwm1PXBmXZFeA28pM6EdePl9dehiv80P80Cnp8d6Z7IC:5JueTk1OddwaWB28edeP/deUv80P80AZ

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks