gh0strat | 235b4b8d70f7c7c31ce38cbf08bf1fe8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

235b4b8d70f7c7c31ce38cbf08bf1fe8_JaffaCakes118
Size

101KB
MD5

235b4b8d70f7c7c31ce38cbf08bf1fe8
SHA1

2d9fedf30087814163bd3f09334f55867f2377f2
SHA256

4180c79551805ef4569af340d0898b02fec2959c70df706359087845c3d93006
SHA512

02d67debc0ec5cd36a5d0858efcda44a1e20aac6b86f3a2012be9353901973c45a989b67895cf9027dd0afe47ca369cd6a0c06f77b8c76f60a8b74d75a3c5f1c
SSDEEP

1536:0NC+oAMGCgqtWNFk42U7c9OOfc7KREGD3c/z3WgngyDf:EbMGCgU6k42U7SOIc7KDLc/z3W+gyDf

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
235b4b8d70f7c7c31ce38cbf08bf1fe8_JaffaCakes118

Files

235b4b8d70f7c7c31ce38cbf08bf1fe8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

LetMeSee
SETUP
ServiceMain

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ