Overview

overview

10

Static

static

10

JaffaCakes...d6.exe

windows7-x64

4

JaffaCakes...d6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_51971a2dfa78e538e44b44f04b0cd4d6

  • Size

    159KB

  • Sample

    250305-lzcbqavzgy

  • MD5

    51971a2dfa78e538e44b44f04b0cd4d6

  • SHA1

    fa02179f997e8ef3ce3515dc5056ed788b54e742

  • SHA256

    2eb17d1b539434f14964e8712967a316b60139342c03f1ab41cce26d525b6674

  • SHA512

    8c927c9a49629a8ffa93af19aefdd5e93e2711aa9fa7ec3e4335a5559b23d52068af5a5d65ed60732e8c6834f9b4a78af922a071e7df945af31c7028615a5a1c

  • SSDEEP

    3072:RBymKRr0U5vw0TdLov8MDX8F9jywLatx2LbE4Uo7Nj:RBybjwyovIFtZLatw/E4U4

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_51971a2dfa78e538e44b44f04b0cd4d6

    • Size

      159KB

    • MD5

      51971a2dfa78e538e44b44f04b0cd4d6

    • SHA1

      fa02179f997e8ef3ce3515dc5056ed788b54e742

    • SHA256

      2eb17d1b539434f14964e8712967a316b60139342c03f1ab41cce26d525b6674

    • SHA512

      8c927c9a49629a8ffa93af19aefdd5e93e2711aa9fa7ec3e4335a5559b23d52068af5a5d65ed60732e8c6834f9b4a78af922a071e7df945af31c7028615a5a1c

    • SSDEEP

      3072:RBymKRr0U5vw0TdLov8MDX8F9jywLatx2LbE4Uo7Nj:RBybjwyovIFtZLatw/E4U4

    Score
    10/10
    discoverygh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks