gh0strat | f479aa90141c33ed6640dabb195a086f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f479aa90141c33ed6640dabb195a086f_JaffaCakes118
Size

223KB
MD5

f479aa90141c33ed6640dabb195a086f
SHA1

69b85d744993f7df6767c46a1f2e16dda7662994
SHA256

4e21bd4578cfda65cc2bb0bc12c8a48a9fdd4afd9f33dc5d28fd954ed4837220
SHA512

4fa0a86bd9ac0617ea71c1da56f2cb0dac55b41e01b9cee68f7255c014ea1a4bdab1457c88b6447e26948e1054a479b341817efa58e2f3dbb32cfd1c5e7b47d9
SSDEEP

6144:ZZM4nDWgRAkPwUrWbi7cJVGpxx9bowZuwc4GHeqoX:1R3PwUdoJI3Lo+lTb

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f479aa90141c33ed6640dabb195a086f_JaffaCakes118

Files

f479aa90141c33ed6640dabb195a086f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.YunShas
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 306B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.maomao
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sample~