General
-
Target
JaffaCakes118_4f51958fc8e9131e6c00a96ce7fbd5cc
-
Size
150KB
-
Sample
250304-yldc3szjy3
-
MD5
4f51958fc8e9131e6c00a96ce7fbd5cc
-
SHA1
4579ef343549e346da8396ed789edb850d41c72e
-
SHA256
32e38b2110c7d75ab357a625178a98106d33daad80d0c3646b9c8a8dd7f59415
-
SHA512
b2c715c9897bdc31da72108ed67e43c85383896f40ec593aa357d051ecdff883e8e642eec218a276dab45f251e671c2629759450f0a4bfb46ab789c0bbf11a49
-
SSDEEP
3072:/VhUTNt0TSmLGkhjKXFvIGk6H0ydpZTr5iSTNL9cEVz3CiODcRwZz:dkt0TSZkhWVvI+UupZTr5iSVrLmca
Malware Config
Targets
-
-
Target
JaffaCakes118_4f51958fc8e9131e6c00a96ce7fbd5cc
-
Size
150KB
-
MD5
4f51958fc8e9131e6c00a96ce7fbd5cc
-
SHA1
4579ef343549e346da8396ed789edb850d41c72e
-
SHA256
32e38b2110c7d75ab357a625178a98106d33daad80d0c3646b9c8a8dd7f59415
-
SHA512
b2c715c9897bdc31da72108ed67e43c85383896f40ec593aa357d051ecdff883e8e642eec218a276dab45f251e671c2629759450f0a4bfb46ab789c0bbf11a49
-
SSDEEP
3072:/VhUTNt0TSmLGkhjKXFvIGk6H0ydpZTr5iSTNL9cEVz3CiODcRwZz:dkt0TSZkhWVvI+UupZTr5iSVrLmca
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-