General
-
Target
JaffaCakes118_5754fbee092911fed25371552db7f581
-
Size
96KB
-
Sample
250306-xe5cjsvvhs
-
MD5
5754fbee092911fed25371552db7f581
-
SHA1
0ed3c994e7bcf3539882489379f0e2c65ee76896
-
SHA256
7bca5730a67fd45ddcf33dc1254f5c1b430afe180f75c5a9d54bdc0da400affc
-
SHA512
634f5a085042e78cae7d775aa33e1adc6a62011fc98e9323534d0de23f1928712542b7a345ba316c60d0389433fcbd5388323a23a593dc47d8beb6d2493b75d3
-
SSDEEP
1536:FwFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prKWveWa:FCS4jHS8q/3nTzePCwNUh4E9KWGWa
Malware Config
Targets
-
-
Target
JaffaCakes118_5754fbee092911fed25371552db7f581
-
Size
96KB
-
MD5
5754fbee092911fed25371552db7f581
-
SHA1
0ed3c994e7bcf3539882489379f0e2c65ee76896
-
SHA256
7bca5730a67fd45ddcf33dc1254f5c1b430afe180f75c5a9d54bdc0da400affc
-
SHA512
634f5a085042e78cae7d775aa33e1adc6a62011fc98e9323534d0de23f1928712542b7a345ba316c60d0389433fcbd5388323a23a593dc47d8beb6d2493b75d3
-
SSDEEP
1536:FwFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prKWveWa:FCS4jHS8q/3nTzePCwNUh4E9KWGWa
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-