Overview

overview

10

Static

static

7

JaffaCakes...3b.dll

windows7-x64

10

JaffaCakes...3b.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5db4a965901c67a567b7fd546726643b

  • Size

    135KB

  • Sample

    250310-hs86bswn17

  • MD5

    5db4a965901c67a567b7fd546726643b

  • SHA1

    b130eebe87df33c67ab20c36b037ac274cb683f3

  • SHA256

    ea6372353de57deea698d57606f17d2a8bd106f09b1d46675a8b502f5d54c1bb

  • SHA512

    a153713e26974d6c10d837a5f432ae317d05ff8739f3e0d754092cc8060f8429ca14a6dc1faf206a4035fc197a266011e3edab53095045c6f7eb4f7930de13e3

  • SSDEEP

    3072:X9/cXeuURvuaos5IvZRQF6OnxWLNh42gOz9rsnA:NEXebcs5Ii6a4vYOz9rd

Score
10/10
gh0stratdiscoveryratvmprotect

Malware Config

Targets

    • Target

      JaffaCakes118_5db4a965901c67a567b7fd546726643b

    • Size

      135KB

    • MD5

      5db4a965901c67a567b7fd546726643b

    • SHA1

      b130eebe87df33c67ab20c36b037ac274cb683f3

    • SHA256

      ea6372353de57deea698d57606f17d2a8bd106f09b1d46675a8b502f5d54c1bb

    • SHA512

      a153713e26974d6c10d837a5f432ae317d05ff8739f3e0d754092cc8060f8429ca14a6dc1faf206a4035fc197a266011e3edab53095045c6f7eb4f7930de13e3

    • SSDEEP

      3072:X9/cXeuURvuaos5IvZRQF6OnxWLNh42gOz9rsnA:NEXebcs5Ii6a4vYOz9rd

    Score
    10/10
    gh0stratdiscoveryratvmprotect

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks