gh0strat | 1a4f18132fc4a73c9f916ab955b9a265_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a4f18132fc4a73c9f916ab955b9a265_JaffaCakes118
Size

564KB
MD5

1a4f18132fc4a73c9f916ab955b9a265
SHA1

c7a35526c557a3b609aaa070ff7810f137cb71a1
SHA256

c619fc2c3503c89ab47a7051fd6ce0fe58f5ddaf449b31fd1af15046e66da408
SHA512

5cb63ed00e7819d2318a6a3b855d02a28170a60fbcff09d3730dd67756cf79b5f8660b9d0eb9d061db125cbd07b8e1bff3d3f942b9a5edf2fac69563486d1b02
SSDEEP

12288:yQAQHBJlAghv3r+TsP5StWCKIe4s112/M5ZENjax7Fu9:yQA0lAghv3r+TsP5SjKT4sK/M5ZE9axQ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a4f18132fc4a73c9f916ab955b9a265_JaffaCakes118

Files

1a4f18132fc4a73c9f916ab955b9a265_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lpdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE