gh0strat | 22feaf3fe73598e5b35e56f59955f892_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22feaf3fe73598e5b35e56f59955f892_JaffaCakes118
Size

109KB
MD5

22feaf3fe73598e5b35e56f59955f892
SHA1

f54f1cf74a93c8ff64516ebc17768c5f3f982bd2
SHA256

cd052f8b2afe5028f7ee816335cfd822c78d8ccfa502b562fb70d57ca0267b4f
SHA512

a44fb8366b10f6389b891a4bda3b80b31c8f4cb1e0515c946f50b60541fc8212e7a42f2d8d52acfb9df915e173f59a5c0a226bb981dc086d49c620daa23d6107
SSDEEP

1536:BCTwSV4SibNn8YIaT624cKau2f9d0u33+Nvq+mHT:zS2SiuYIb24Wug9d0o+lq+mHT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22feaf3fe73598e5b35e56f59955f892_JaffaCakes118

Files

22feaf3fe73598e5b35e56f59955f892_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BeginProc
EndProc
RunProc
ServiceMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ