Overview

overview

10

Static

static

3

CDK.exe

windows7-x64

10

CDK.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5e53e03d8d051bd9644d0976d18c8d07

  • Size

    287KB

  • Sample

    250310-lflq2szxhy

  • MD5

    5e53e03d8d051bd9644d0976d18c8d07

  • SHA1

    981211ddf0e7cf8e0975fbe6d9c532236e2f56aa

  • SHA256

    5042e58462a6892704137d2bd8c9847cb09b8cb03910c90b0f1dff623106704e

  • SHA512

    93f94da90e982bed270ea419031951f388cab2c30cc4244891f6a1dd24dd45b89f8890d2883170b3fead19bf5aa4afc18877c6641a44036de748254f651a42b9

  • SSDEEP

    6144:+UjTFXlyJNPUGHCzOYtqlG8zcsXBKA0LF2gV9rRE5Ft6oR+Yx9zWZk2:+MMNs0CpQdR/uQU25GoR+Yx9zgk2

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      CDK.exe

    • Size

      572KB

    • MD5

      31ddcf0ac59cbad6398c097570f669fa

    • SHA1

      9068e8476f8ee7adda2081cc89b61b98ddbaaf23

    • SHA256

      a303752473b79df484b29debd12b64c63829b92e325153d26402922a22c38281

    • SHA512

      58b9df31b0e4f3586a7c249ff51ceedb660d884a7eb49e221dda5f057ed6484a84daccd2efcf1ca0010666b694bbf3a6ef2ca5d3fb623e2139adff70c5423321

    • SSDEEP

      12288:nruM9FNatyT3gNCpOdn/u8cZNJ7QD7HZ5rbx:q+atynpOd/0zJO7HX

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks