gh0strat | 29b088abcfdf0c4fe7c67c39a680a69a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29b088abcfdf0c4fe7c67c39a680a69a_JaffaCakes118
Size

1.8MB
MD5

29b088abcfdf0c4fe7c67c39a680a69a
SHA1

e974f79adf362784276c9c12bf2ce3d65828eb0f
SHA256

28b49fcf4a74e76a94b00d365a7ba2fa1698bb5b5c590444aa70e04fb9054a55
SHA512

7a4805ae66f26a74187170a00925ea6da36cd2a4176c3f1cb6a43af92919396186dcf4e327b6cba579dd7a821a6b65f59963686aa7806245faf613a7845677ea
SSDEEP

24576:DR9R3Psx7DntHMG4q5vKOhCGpllKZDY/0E2GwIBss+8C+OwRt7rVKW81ujcT3MZ:DRfOtBNrNwq7rwsbowRlYWM5T4

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29b088abcfdf0c4fe7c67c39a680a69a_JaffaCakes118

Files

29b088abcfdf0c4fe7c67c39a680a69a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ