gh0strat | 07d106b75f307131bdc249b44f07ca21_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07d106b75f307131bdc249b44f07ca21_JaffaCakes118
Size

148KB
MD5

07d106b75f307131bdc249b44f07ca21
SHA1

3101658b77bdd244f38207b44d030436d21ce987
SHA256

a614a9ba1ccc18e402acac2cd19853c3409caff63c326c87d287b99158fc3f93
SHA512

e473b37e472d31a7739bc604766bddd6cb096730757f9c0ddc089c4c827f70d2e535e8b12c6eda20324e5fa46b10c5391cf2b87d8d2b62b04d203fec7a0e0de0
SSDEEP

3072:Z3BDgPAN3LERTu9YqZxoYOHCiGFLLHTBftbntYesD:Z3NARTu9fOi1LLHTBlbntxsD

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07d106b75f307131bdc249b44f07ca21_JaffaCakes118

Files

07d106b75f307131bdc249b44f07ca21_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ff8c7e1d39a4b4dd1c5def18a2840829

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHFileOperationA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

shlwapi

SHDeleteKeyA

oleaut32

SysFreeString

user32

DestroyWindow
wsprintfA
CloseWindowStation
CreateWindowExA
LoadCursorA
DestroyCursor
GetCursorInfo
GetClassNameA
GetWindow
ShowWindow
EnableWindow
GetWindowRect
wvsprintfA
MessageBoxA

advapi32

RegOpenKeyExW
RegisterServiceCtrlHandlerExA
QueryServiceStatusEx

kernel32

FormatMessageA
SetUnhandledExceptionFilter
GetLongPathNameA
GetTempPathA
SetEnvironmentVariableA
GetFileAttributesExA
GetCurrentProcessId
VirtualQuery
WinExec
IsBadWritePtr
MapViewOfFile
GetLocalTime
GetTempFileNameA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
FreeLibrary
MultiByteToWideChar
GlobalSize
LoadLibraryA
GlobalLock
GlobalUnlock
RaiseException
CreateFileMappingA
GlobalAlloc
lstrlenA
lstrcpyA
CloseHandle
lstrcmpiA
WideCharToMultiByte
GetTickCount
ExitProcess
lstrcatA
GetSystemDirectoryA
GetSystemInfo
GetVersionExA
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetCommandLineA
HeapFree
GetProcessHeap
VirtualFree
Sleep
HeapAlloc
DeleteFileA
RemoveDirectoryA
ExitThread
GetShortPathNameA
GetModuleFileNameA
IsBadReadPtr
IsBadStringPtrW
GetModuleHandleA
lstrcmpA
GetProcAddress
ExpandEnvironmentStringsA
GetLastError
LocalFree
LocalReAlloc
LocalAlloc
InitializeCriticalSection
LeaveCriticalSection
VirtualAlloc
LocalSize
InterlockedExchange
GetCurrentThreadId
GlobalFree

iphlpapi

GetAdaptersInfo

ws2_32

shutdown
closesocket
select
recv
gethostbyname
socket
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
getsockname
gethostname
send

msvcrt

_memicmp
wcstombs
_except_handler3
_ftol
srand
rand
strchr
atoi
strncpy
strstr
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
malloc
strrchr
memmove
ceil
_beginthreadex
atol
_adjust_fdiv
_initterm
_onexit
__dllonexit
_stricmp
free
_strupr
_wcsicmp
_strlwr
realloc
strncat
wcsrchr

Exports

Exports

DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetClassInfoForCurrentUser
GetDefaultPartitionForCurrentUser

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff8c7e1d39a4b4dd1c5def18a2840829

Headers

File Characteristics

Imports

shell32

ole32

shlwapi

oleaut32

user32

advapi32

kernel32

iphlpapi

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB