Overview

overview

10

Static

static

10

JaffaCakes...36.exe

windows7-x64

10

JaffaCakes...36.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5392cfa1d3ebf19311baedc1e5d9bd36

  • Size

    163KB

  • Sample

    250305-zl98gsyp19

  • MD5

    5392cfa1d3ebf19311baedc1e5d9bd36

  • SHA1

    871b8c8172c95b64bfe80a2aa459459eaa3c2ab1

  • SHA256

    243d5dac34cc985729c8623cfce9e95b667d2642d7f6f930469c04a1e6386242

  • SHA512

    e376eb83ffb283cec17b1f70dabcb3ecff1bddab11d8e4b5da0b8377f8cb01193c366ce2b2584eb6605dd9e081cd6357ade97ce0902d9bd57e1b81d941b9387c

  • SSDEEP

    3072:dxhXDNHBbWKRpvv70d/pPHWH43NjCa3Aal4b8ceHyhosXln5I3iv:dx9DHbWK3vv7opfWHgUaQfb8n85IG

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_5392cfa1d3ebf19311baedc1e5d9bd36

    • Size

      163KB

    • MD5

      5392cfa1d3ebf19311baedc1e5d9bd36

    • SHA1

      871b8c8172c95b64bfe80a2aa459459eaa3c2ab1

    • SHA256

      243d5dac34cc985729c8623cfce9e95b667d2642d7f6f930469c04a1e6386242

    • SHA512

      e376eb83ffb283cec17b1f70dabcb3ecff1bddab11d8e4b5da0b8377f8cb01193c366ce2b2584eb6605dd9e081cd6357ade97ce0902d9bd57e1b81d941b9387c

    • SSDEEP

      3072:dxhXDNHBbWKRpvv70d/pPHWH43NjCa3Aal4b8ceHyhosXln5I3iv:dx9DHbWK3vv7opfWHgUaQfb8n85IG

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks