General

  • Target

    JaffaCakes118_5b800be3632b46f46b79147d1c4c7243

  • Size

    86KB

  • Sample

    250309-1zdbcaszd1

  • MD5

    5b800be3632b46f46b79147d1c4c7243

  • SHA1

    3961a2d1233460b2442f324615db806afe45e801

  • SHA256

    3898841e36bac7f6afed2c52039720a47f6cf405bad7c500bca316547f2b59e6

  • SHA512

    f9fa5505f85499e39b7fb30c857f0c8afbee21599c7156e1d76681ffb094f3ed71555f703891a325d08eb18ceace10c37840e099ad6854cadba133bfd938bc87

  • SSDEEP

    1536:f0jgaEGFDMbbMt9ODnjfiwKcuybfLIeEwKJB4AY4eEtgreOv3/DRI:MjgTGFIMDODn+wKByrLIeNKJBZ2EtIe+

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Gh0strat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15