General
Target: JaffaCakes118_4ed9a08d90b80dc451fb76cd555f99bb
Size: 224KB
Sample: 250304-wjq52sxlt4
MD5: 4ed9a08d90b80dc451fb76cd555f99bb
SHA1: 9a643edefeb91fd3df90c5b968cddffb9782e107
SHA256: 327642ea179b19323851e332c5f54c4127df2696c3f57395b78bff7ccd589b3d
SHA512: 5027effd4369c97366b6ccd1b646c4b8458f05ba270f5ebd093b668d171e542fe3a7f9695f1b56f7931e8ba81c4ec911cf1b60acdcce97adcfa17996351ff62c
SSDEEP: 3072:rb8IM9D5woXXreupOnXY8/ZnLSpWKaIWHnDFoo97pzJ+nYkOCwynsVvRokCB/bnl:0IUWJlfQw+oJpzmfwssLJC5opH9DH3zq
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_4ed9a08d90b80dc451fb76cd555f99bb.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_4ed9a08d90b80dc451fb76cd555f99bb.exe
  Resource: win10v2004-20250217-en
Malware Config
Targets
Target: JaffaCakes118_4ed9a08d90b80dc451fb76cd555f99bb
Score: 10/10
Gh0st RAT payload
Gh0strat family
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.