gh0strat | f3f69a2fc6c5764dd4d9686352b174b8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f3f69a2fc6c5764dd4d9686352b174b8_JaffaCakes118
Size

136KB
MD5

f3f69a2fc6c5764dd4d9686352b174b8
SHA1

1dfa7cef022f12609ac6a944e9cde9466f850960
SHA256

0a3518039951296168aacd557594200a063ffa0741504a1f57aae55faae6b71d
SHA512

2f8d616abe9c69f7885374d57c9b6f8b1355cf18b59f2b3dc802cd77353605d4ca76b4ba6ce44ab471943d0027a6ffbba826f4f3ed9815912718c1801db1e66a
SSDEEP

3072:SfhntKGPHzzte60/4jASBCUQSMptQRLgMM5lIboyTvSbw4:SfhEGPTztNvjASBCTS2Q6TloBTvC

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3f69a2fc6c5764dd4d9686352b174b8_JaffaCakes118

Files

f3f69a2fc6c5764dd4d9686352b174b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cd6375ef0dd565c0e1715e4a01e292a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
lstrcmpiA
GetLocalTime
CopyFileA
CloseHandle
DeleteFileA
lstrcatA
FindNextFileA
LoadResource
WinExec
MoveFileExA
GetModuleFileNameA
GetFileAttributesA
CreateThread
GetStartupInfoA
GetModuleHandleA
LockResource
lstrlenA
VirtualProtect
LoadLibraryExA
VirtualAlloc
VirtualFree
GetProcAddress
GetProcessHeap
HeapFree
FindFirstFileA

user32

SendMessageA
MessageBoxA
wsprintfA

msvcrt

_adjust_fdiv
_strnicmp
_except_handler3
strchr
strncat
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_strcmpi
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ