gh0strat | 2e1150adf2ed5e37101b2ac64495e9cd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e1150adf2ed5e37101b2ac64495e9cd_JaffaCakes118
Size

420KB
MD5

2e1150adf2ed5e37101b2ac64495e9cd
SHA1

d8979b17d90d2fe54c4c354a5ce7ec3f68353a05
SHA256

f49c60e3aa18bb6f0a2cc6425eb3609f49ff6d553b6f50d7a91aa6a5ef66ca1a
SHA512

e5f1a16ff900682244ef05ba481ac082bd0e1a9632126e7529d8658f22a4d9d3b17982478c2547fb2ef470ae694274adc2e098f740a72400e438ab929479fb9e
SSDEEP

12288:0VcCJoZQr+HgNJGTvCVL7yni9ViPUNcoZQ:0Vc+oIigNATKtusKUNco

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e1150adf2ed5e37101b2ac64495e9cd_JaffaCakes118

Files

2e1150adf2ed5e37101b2ac64495e9cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 389KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 365B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ