Overview

overview

10

Static

static

10

JaffaCakes...ff.exe

windows7-x64

10

JaffaCakes...ff.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5f26b1a4e41757ace0cde4b7d279aaff

  • Size

    128KB

  • Sample

    250310-pr4b1svtgy

  • MD5

    5f26b1a4e41757ace0cde4b7d279aaff

  • SHA1

    fff906231d7b16d58d1818466adb3c2b89faa399

  • SHA256

    4a3e1c8e4375c90725702226650cbcddc11cf376e3a9b17edaf3aa33e849a47f

  • SHA512

    1f732f45e59de3703eebf3aac513ad40295ce7686422c00eaac5befbdd127007ef0010b923d3cd161e1791e8aff629355df7334e7d57f965a24cea1f41ba4c08

  • SSDEEP

    3072:3Xq28uHvzJT1DQXNpvgPC4WaoCeOC4W9rD5zaQ6SZLmq8:3X18GvvQqCvlOC4WvzaIsT

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_5f26b1a4e41757ace0cde4b7d279aaff

    • Size

      128KB

    • MD5

      5f26b1a4e41757ace0cde4b7d279aaff

    • SHA1

      fff906231d7b16d58d1818466adb3c2b89faa399

    • SHA256

      4a3e1c8e4375c90725702226650cbcddc11cf376e3a9b17edaf3aa33e849a47f

    • SHA512

      1f732f45e59de3703eebf3aac513ad40295ce7686422c00eaac5befbdd127007ef0010b923d3cd161e1791e8aff629355df7334e7d57f965a24cea1f41ba4c08

    • SSDEEP

      3072:3Xq28uHvzJT1DQXNpvgPC4WaoCeOC4W9rD5zaQ6SZLmq8:3X18GvvQqCvlOC4WvzaIsT

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks