gh0strat | 1598479f86a8bedf3ad52dc39aa7c471_JaffaCakes118 | Triage

Sharing

General

Target

1598479f86a8bedf3ad52dc39aa7c471_JaffaCakes118
Size

114KB
MD5

1598479f86a8bedf3ad52dc39aa7c471
SHA1

44fceb8428034d829f5ffa6c56731b52dc837dbf
SHA256

7c3a2a2d9c70630da5c9303ce80a99c4eb2ffdcd6e66c66e854537d9df15d26f
SHA512

b7b44059d2b0ab332c5e2508f888562ac7b27af6840d99b8943e22de2155df44d79dc48a256dd79bf2dba792d83c8cae408f88bfdf43d9da6291d448c23ae010
SSDEEP

3072:F8/a5Bd2SmCVap6MvrJtv5OwhDkL5wGbFjzC:Fv7muY9ltR9hDkdwGJ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1598479f86a8bedf3ad52dc39aa7c471_JaffaCakes118

Files

1598479f86a8bedf3ad52dc39aa7c471_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d45d747091e0ff1ed11f4845cb998e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
lstrcmpiA
GetProcAddress
LoadLibraryA
FreeResource
Sleep
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
WaitForSingleObject
GetTickCount
CreateEventA
WinExec
GetWindowsDirectoryA
GetModuleHandleA
GetStartupInfoA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
exit

Sections

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ