Overview

overview

10

Static

static

10

JaffaCakes...1b.dll

windows7-x64

10

JaffaCakes...1b.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_599d2c08c55b2ffe365e1c5f0ee1061b

  • Size

    153KB

  • Sample

    250309-rt5nzasyfy

  • MD5

    599d2c08c55b2ffe365e1c5f0ee1061b

  • SHA1

    dfccc0f499982f0226b690dd51dcfd217b6b30d8

  • SHA256

    5a4d9bf7c8d5cf1d15d692a39e1733d8e54a57e7e5f93b2118e25f36f10d0293

  • SHA512

    eca020aae83a013efbd7590b632add22e30d755dc2fe0eada4f7304cb6c9fd773789dc7252e047d244ec0f9ddd53025d85e5e87fae3cd952bed0e7f5ca3ced93

  • SSDEEP

    3072:59oesPqrkiQLRXdilvYXirXumHTBftWmtOqnUK:5YqIiExcdNumHTBlWmtOE

Score
10/10
gh0stratdiscoveryrat

Malware Config

Targets

    • Target

      JaffaCakes118_599d2c08c55b2ffe365e1c5f0ee1061b

    • Size

      153KB

    • MD5

      599d2c08c55b2ffe365e1c5f0ee1061b

    • SHA1

      dfccc0f499982f0226b690dd51dcfd217b6b30d8

    • SHA256

      5a4d9bf7c8d5cf1d15d692a39e1733d8e54a57e7e5f93b2118e25f36f10d0293

    • SHA512

      eca020aae83a013efbd7590b632add22e30d755dc2fe0eada4f7304cb6c9fd773789dc7252e047d244ec0f9ddd53025d85e5e87fae3cd952bed0e7f5ca3ced93

    • SSDEEP

      3072:59oesPqrkiQLRXdilvYXirXumHTBftWmtOqnUK:5YqIiExcdNumHTBlWmtOE

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks