Behavioral task: behavioral1
Sample: 234973b02ed310c5e3ff75890ee38dd6_JaffaCakes118.exe
Resource: win7-20240611-en
General
Target: 234973b02ed310c5e3ff75890ee38dd6_JaffaCakes118
Size: 93KB
MD5: 234973b02ed310c5e3ff75890ee38dd6
SHA1: b1b145cc276041d574784ac53a92d16b14bfc665
SHA256: 6bd832953b54a87dec4dfdcf249ccac15ba2c5cb8f06fdb6d7041392a63bdf09
SHA512: 1871f2ef99a2528415627e3eb28e32a17e32628e1dec31d4732b054cab83c08643d4417b7c91473aecaedeaa208a9f26106d58c703207d3e547dc1e23d649a8b
SSDEEP: 1536:AcSBCMldsVnBBiYnYUQfciJ0fv0MMpfwkKQGKFFz+c:TSBCMldcBiYfQflJmv0MEfwkKQGKFFzF
Malware Config
Signatures
Gh0st RAT payload (1 IoC)
resource: sample; yara_rule: family_gh0strat
Gh0strat family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 234973b02ed310c5e3ff75890ee38dd6_JaffaCakes118
Files
234973b02ed310c5e3ff75890ee38dd6_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
b86c9017e135b3ef1da26464f37c0edd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileA
LoadResource
FindResourceA
GetTempPathA
SetFilePointer
GetModuleFileNameA
SystemTimeToFileTime
Sleep
WinExec
GetCurrentThreadId
GetStartupInfoA
LocalFileTimeToFileTime
SetFileTime
SizeofResource
lstrlenA
FreeResource
MoveFileA
SetFileAttributesA
DeleteFileA
GetSystemDirectoryA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetWindowsDirectoryA
MoveFileExA
CopyFileA
HeapFree
GetVersionExA
LoadLibraryA
GetSystemDirectoryW
OpenProcess
CompareStringW
VirtualFree
VirtualAlloc
DuplicateHandle
GetTickCount
CreateFileW
GetFileSize
ReadFile
MoveFileW
WriteFile
GetCurrentProcess
CloseHandle
GetWindowsDirectoryW
lstrcatA
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
user32
PostThreadMessageA
wsprintfW
GetMessageA
wsprintfA
GetInputState
advapi32
InitializeAcl
GetUserNameA
RegOpenKeyExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
AddAce
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
OpenSCManagerA
CloseServiceHandle
StartServiceA
ControlService
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
OpenServiceA
msvcrt
_exit
_controlfp
__set_app_type
__p__fmode
_except_handler3
realloc
malloc
strchr
free
wcscpy
wcscat
wcsncmp
wcsncpy
wcslen
??3@YAXPAX@Z
??2@YAPAXI@Z
_wcsupr
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
netapi32
NetApiBufferFree
NetUserGetLocalGroups
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ