General
-
Target
JaffaCakes118_4da5a4b46285d901cfe2007c5ec1dabe
-
Size
1.2MB
-
Sample
250304-qtz8ta1wgt
-
MD5
4da5a4b46285d901cfe2007c5ec1dabe
-
SHA1
8ea6721fbef365e91e42c9687e05707573eb8077
-
SHA256
17fbfee0cd6f164786c1b90fba254a776edf1b917ba7e27484600b70fac949c9
-
SHA512
2be0e46acde5bd0d3660ea792d09b1b7b9dca53f74b68cf08422cc6256353efd50374ad47b644977a5676a32b7e49a37ca09eb3871f920c9532067d8ff4ddc1b
-
SSDEEP
24576:kDoEh5dREyJonpQYNYZm7/dANFGe4xy94bx3kJC9Yo6vZFaL8zygyOb:kDoFkonvUm7/dANR94b45ognIdw
Malware Config
Targets
-
-
Target
CF天空VIP V7.8版 8.29 日破解版/天空vip.exe
-
Size
1.3MB
-
MD5
27f4e7a15d2a4624eb6f3adabd70e97d
-
SHA1
9c2eafe637e33fd260cee1d65f3d7a113256c7f6
-
SHA256
d49ab1f371ffc533a82826611c042a83458f49a82b3a57e35e5cea8b15aca98b
-
SHA512
3055a4293578b346fe3c83d161285b4f78cd13a586f0e91231cf0c09aa3b3e2563577733eddb6381ce126f0a5a0120e4bbd1eb8522bf3e8860d24ac65e29637c
-
SSDEEP
24576:3ZIJ8lG4o3PE+WGEky00Eyb/LOh7FTVLYyMrc7LcvOrZfJoM0FQm9NsWTVVRuxqL:9lG4ofRC00Eyja7jYmLvoM0z7uxSd
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
CF天空VIP V7.8版 8.29 日破解版/破解补丁.exe
-
Size
15KB
-
MD5
9934672756d413a5ce97cbe839f12783
-
SHA1
cf379d64172420ced5e59977996379431b6be30e
-
SHA256
13d8c22594e5c2df6bf241b8f128109455a2e3882819dd48239e9d22d0702ff9
-
SHA512
4f3104b9e942ff310e37ab67649251239bfe32a4e7eb30af7b4c740fb93acef34b7d508c8833a4c23c1264f239fbba2fba1b8e3d8bd7c46b799686c7d4522bcf
-
SSDEEP
192:2wHVQUyGx+aehN6I+OdSuu+lreyjU7BHY8GFhv4VOrn0Al345a:2wHS7w+aICg0+lreVBxGjQVOrhos
Score4/10 -