gh0strat | 25cca9425f91ce920f81afb0b1cba3d8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25cca9425f91ce920f81afb0b1cba3d8_JaffaCakes118
Size

105KB
MD5

25cca9425f91ce920f81afb0b1cba3d8
SHA1

aa450e56b3f5514b9534bcdbc4307fe6bb05e031
SHA256

d96d5ce454c6563e9d7b5710082567aedb256ef8d451fde9dc2e2f70a87ce0a0
SHA512

320c9783cb1ad1670d4f8d280ff506b444d82bd8d2d3fe3ed62feddece0df39591b4e4d74fbaa5ed4d4cc2bd2eb6f14cc552e463ae3a55a156f10d996e175d63
SSDEEP

1536:RJNPFJHJuXUPDxXModRsS/bcbHFfB18welrsKoks4KOx2:R7FWQDxX9Rf/bUH9B18vrsKoks4KOx2

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25cca9425f91ce920f81afb0b1cba3d8_JaffaCakes118

Files

25cca9425f91ce920f81afb0b1cba3d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c0ca8fb524d53a294a75f3adfde9e816

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
ExitProcess
GetModuleFileNameA

user32

MessageBoxA

Sections

.data
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 511B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE