gh0strat | 30f3e9b7a8c8dc15be79d276aa0eb991_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30f3e9b7a8c8dc15be79d276aa0eb991_JaffaCakes118
Size

385KB
MD5

30f3e9b7a8c8dc15be79d276aa0eb991
SHA1

5600d074fa078c1801a15cc1e2970d6a554be070
SHA256

cfdf2d6890f6668a0ce9989b6efd79348378f68196abc8e1cab2f728d60a94e3
SHA512

6a774847a7f915a9b927f9fa9d368cb56f4f8333ce92335b7b78d7cdc0174d5a78cd55243276a0391725a1074c3e67c42c05a47c90a8865d7ef1f9d28eaaad9a
SSDEEP

6144:7Z3GbFcVogEVxpJWCPi8WrzvSsHayvkd/xzDVLyLD0ZPyhzTk4XZY:FAFcVoNxH5PtWrzv56QyDdymqhzY4XZ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30f3e9b7a8c8dc15be79d276aa0eb991_JaffaCakes118

Files

30f3e9b7a8c8dc15be79d276aa0eb991_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b5244325d382819be2f08b54a5363aa9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5186
ord6385
ord1979
ord354
ord665

msvcrt

_adjust_fdiv
__setusermatherr
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strcat
__CxxFrameHandler
__p__commode

kernel32

LoadResource
SizeofResource
FindResourceA
ExitProcess
GetTempPathA
GetStartupInfoA
GetModuleHandleA
LockResource

shell32

ShellExecuteA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 382KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ