Overview

overview

10

Static

static

3

JaffaCakes...e8.exe

windows7-x64

10

JaffaCakes...e8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5743b53483a2de66c353b0450f2983e8

  • Size

    431KB

  • Sample

    250306-wt7ksavnz2

  • MD5

    5743b53483a2de66c353b0450f2983e8

  • SHA1

    85924b18db2bbb8ad966b9d8eae211fac2b41fb8

  • SHA256

    c97adbc24eb3a8f9c59f8415dfdd3af4a8c2b5265cd140efd3ebafba1e311078

  • SHA512

    d750a134e42a846dec990cea014e4176422558b3ba6d3db3e2ac4a42aed9687131d5dbaf1c51b68a3cc334751eb089fef27025d98e9a4ae4147063e33f54cac8

  • SSDEEP

    6144:0/UN3c9FNx22NZp96wgvRHCzOYtqlGyzcsX3KA0LQIQRKb3uW:EUNM9FNk2Nh3gNCpOdn/unaW

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_5743b53483a2de66c353b0450f2983e8

    • Size

      431KB

    • MD5

      5743b53483a2de66c353b0450f2983e8

    • SHA1

      85924b18db2bbb8ad966b9d8eae211fac2b41fb8

    • SHA256

      c97adbc24eb3a8f9c59f8415dfdd3af4a8c2b5265cd140efd3ebafba1e311078

    • SHA512

      d750a134e42a846dec990cea014e4176422558b3ba6d3db3e2ac4a42aed9687131d5dbaf1c51b68a3cc334751eb089fef27025d98e9a4ae4147063e33f54cac8

    • SSDEEP

      6144:0/UN3c9FNx22NZp96wgvRHCzOYtqlGyzcsX3KA0LQIQRKb3uW:EUNM9FNk2Nh3gNCpOdn/unaW

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks