gh0strat | f938fe684c5702f74a9d322dfab10799_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f938fe684c5702f74a9d322dfab10799_JaffaCakes118
Size

156KB
MD5

f938fe684c5702f74a9d322dfab10799
SHA1

06d32fca14780a7e4ac42761085ba8641f39ee78
SHA256

98bdc248f5e575ee37253ee19b244628f2771a63e49ef11b88e1adfccc9b8b38
SHA512

94829373ee7d7f1e6d9d6e9db4ff61b3d8688ba03675c478f5b7a1475ce3ee5daf3743bea9e37515e26b3ce2ae26c2d09bd3664c790943fc34c8365c8981dc8a
SSDEEP

3072:X78OCxt9d8ISwF4Q2539LI/bUH9B18XhOTAkGFyMOxzIPr77sGg:XAOCxt9d8ISbn5yS9j4sLGFhOxzIzPs7

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f938fe684c5702f74a9d322dfab10799_JaffaCakes118

Files

f938fe684c5702f74a9d322dfab10799_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!rc!
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE