Overview

overview

10

Static

static

3

JaffaCakes...1f.exe

windows7-x64

10

JaffaCakes...1f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_561bb28056f61048faf596d137adff1f

  • Size

    197KB

  • Sample

    250306-m443zawyfv

  • MD5

    561bb28056f61048faf596d137adff1f

  • SHA1

    832e1db0361c6983c0867c7b1bfb50af72ac1383

  • SHA256

    3a62c25407891f069edbfd3c218ff8cccd611d71e2da0bee71cecc68924cec42

  • SHA512

    0fe8de8c0e4163ca9d9a718c4d48dc30cff2f799977bbb01336907e6e7b1602b663d99e54843bbd9fea7ddb0a39967bcfdd116690b4a88f08d173a10c57ecf5e

  • SSDEEP

    6144:nOVLnWFc/FtsFkVRTl0QdTmNPPYhtUeqPZ:n8LWFq+kV1KIo+hYZ

Score
10/10
gh0stratdiscoveryrat

Malware Config

Targets

    • Target

      JaffaCakes118_561bb28056f61048faf596d137adff1f

    • Size

      197KB

    • MD5

      561bb28056f61048faf596d137adff1f

    • SHA1

      832e1db0361c6983c0867c7b1bfb50af72ac1383

    • SHA256

      3a62c25407891f069edbfd3c218ff8cccd611d71e2da0bee71cecc68924cec42

    • SHA512

      0fe8de8c0e4163ca9d9a718c4d48dc30cff2f799977bbb01336907e6e7b1602b663d99e54843bbd9fea7ddb0a39967bcfdd116690b4a88f08d173a10c57ecf5e

    • SSDEEP

      6144:nOVLnWFc/FtsFkVRTl0QdTmNPPYhtUeqPZ:n8LWFq+kV1KIo+hYZ

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks