gh0strat | 0b8f6793f9a5cfc4eaf52c50e7202d85_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b8f6793f9a5cfc4eaf52c50e7202d85_JaffaCakes118
Size

56KB
MD5

0b8f6793f9a5cfc4eaf52c50e7202d85
SHA1

377ff18d15018ddd0afc6e46bd30855a41a023f9
SHA256

0ba1091890fc620cabce54a7163bb9678a32d5c283854fa916d9c36d2138aa4e
SHA512

611146a6ba1da41bfa1e51b92bd69f68a1816bb081f1b114428926b6b12fb36c37a5b8fbe2d3a49632f133f5478a555f59d91d663e3ca96e42be7b46faff07bd
SSDEEP

768:KVLR+vJUF4T6Qi4KGeL2juLTNAD1QGfc7Ua4dmD22DQohfonsFUhMJ0BFStgrv3k:KPt4T6QTlQ2j+TNW1XnCKzDQyvU

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b8f6793f9a5cfc4eaf52c50e7202d85_JaffaCakes118

Files

0b8f6793f9a5cfc4eaf52c50e7202d85_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f3943b6e423d10b83dd43e75c79ba04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA

msvcrt

rand
srand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
sprintf
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??2@YAPAXI@Z
_initterm

Sections

qiangzi
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

qiang
Size: 1024B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

qiang
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qiang
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ