Overview

overview

10

Static

static

10

JaffaCakes...0e.exe

windows7-x64

10

JaffaCakes...0e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5cbc6752085c4581473928f08495f20e

  • Size

    386KB

  • Sample

    250310-dm1vjs1sfx

  • MD5

    5cbc6752085c4581473928f08495f20e

  • SHA1

    d5ec21ebec193f4980a22c61b6bf87535b1dcf72

  • SHA256

    b3ea5d592ec94a8a9daffa72e00257dbd131cb09bc8c7e028676b1b2a52d252c

  • SHA512

    0d1b1420bfe4da1e8395aa50d00d69b9547987205a672ee4ea04ad148d94650de777ab64766be2c92cea5d72f6b000f5c3e137b7f3dc54e0714b2e0349f84d21

  • SSDEEP

    3072:7oUGzRVHgCcnV5j9j0lvil2NnGfNGHqRy1zkeS1FpTa3q5tJHKb4j/otaoK8OIwG:TGzRxSVtp0l6whGfsKR+zkBpTaa5tJHs

Score
10/10
gh0stratdiscoverypersistenceratupx

Malware Config

Targets

    • Target

      JaffaCakes118_5cbc6752085c4581473928f08495f20e

    • Size

      386KB

    • MD5

      5cbc6752085c4581473928f08495f20e

    • SHA1

      d5ec21ebec193f4980a22c61b6bf87535b1dcf72

    • SHA256

      b3ea5d592ec94a8a9daffa72e00257dbd131cb09bc8c7e028676b1b2a52d252c

    • SHA512

      0d1b1420bfe4da1e8395aa50d00d69b9547987205a672ee4ea04ad148d94650de777ab64766be2c92cea5d72f6b000f5c3e137b7f3dc54e0714b2e0349f84d21

    • SSDEEP

      3072:7oUGzRVHgCcnV5j9j0lvil2NnGfNGHqRy1zkeS1FpTa3q5tJHKb4j/otaoK8OIwG:TGzRxSVtp0l6whGfsKR+zkBpTaa5tJHs

    Score
    10/10
    gh0stratdiscoverypersistenceratupx

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks