gh0strat | 037d7ef7609234a2ba85ed5c3afd24b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

037d7ef7609234a2ba85ed5c3afd24b2_JaffaCakes118
Size

324KB
MD5

037d7ef7609234a2ba85ed5c3afd24b2
SHA1

d509271f9dbb4fb096112e9a59eb633cebaa6b4e
SHA256

52d5c2053a901f91b99e10a6a4ea6817cb0c7d08743fae69684f03623be95229
SHA512

dc0cf98ca0e1525c0d08728b187b51210c40c930c4e291b033e1ae14895ce12ee9e55e2146ea8fcb7c8a37e2ab5ef3f668b23771cb3e128a00288e08d7d728bb
SSDEEP

6144:QiqvdXjSYawTcnn+hr1qPaLzYRYczthGjE/qfF1lkOSf1aUaDBfFCJnY8ny4Q8:QigdXcwIn+hJqiU9PGI/qfFwOaXafFCT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
037d7ef7609234a2ba85ed5c3afd24b2_JaffaCakes118

Files

037d7ef7609234a2ba85ed5c3afd24b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ResetSSDT
ServiceMain

Sections

.textbss
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 316KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 94B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ