gh0strat | 3a1cbef755246e3cfaa0fc358a7828f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a1cbef755246e3cfaa0fc358a7828f0_JaffaCakes118
Size

276KB
MD5

3a1cbef755246e3cfaa0fc358a7828f0
SHA1

058d749a44c6ebe267b424a7e40ed88ce215fe7c
SHA256

6d3d04d331dad19aebb22e5bc5fb609631e5fb7a9ee466341737630b349be2a1
SHA512

f3e32b92bcd06e91d2f68bd6cd480976ee809eded8bfc62e2f3cf54473f9725f1cf065f3bac40c77cb5001201e6d9dba23c4d1237629690b8c9edaafa2b0f2b6
SSDEEP

6144:xFPO+SDksOFi2zWLj+3QnxU2sRpLglGycqpsvF0+VcrAKNjoiFidm:x5OhDksoiEWLjZnDsRGlGFq7EcrZD

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a1cbef755246e3cfaa0fc358a7828f0_JaffaCakes118

Files

3a1cbef755246e3cfaa0fc358a7828f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eb694a22536c61bfd41fc75d5e8ebf6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2445
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord554
ord401
ord825
ord674
ord807
ord5254
ord4450
ord4671
ord4676
ord1886
ord4251
ord4946
ord3254
ord2441
ord1695
ord5006
ord5656
ord4470
ord5103
ord3350
ord975
ord5476
ord4154
ord2385
ord5285
ord2446
ord736
ord642
ord739
ord450
ord439
ord6491
ord327
ord442
ord620
ord747
ord5495
ord2104
ord4460
ord5871
ord6565
ord6619
ord2087
ord4163
ord6625
ord6064
ord5252
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord815
ord459
ord561
ord743
ord6215
ord617
ord5301
ord6352
ord5214
ord296
ord5500
ord2036
ord986
ord6137
ord411
ord4159
ord6117
ord1134
ord1205
ord1199
ord1247
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord5241
ord5280
ord4441
ord5261
ord4425
ord3597
ord324
ord641
ord4234
ord5098
ord4620
ord1894
ord4254
ord3798
ord4861
ord4826
ord3187
ord4950
ord2437
ord2171
ord5020
ord4517
ord4640
ord4916
ord5002
ord4494
ord4491
ord5021
ord3106
ord4605
ord5000
ord4416
ord5090
ord5501
ord4628
ord4657
ord5752
ord4155
ord2991
ord3417
ord5025
ord3514
ord6344
ord5627
ord1003
ord3449
ord3787
ord3250
ord4697
ord3060
ord3066
ord6336
ord2510
ord2542
ord5244
ord5742
ord1747
ord5577
ord3172
ord5654
ord4423
ord4956
ord4860
ord2402
ord4387
ord3454
ord3198
ord6081
ord6175
ord3261
ord3280
ord4623
ord4430
ord456
ord748
ord4825
ord4614
ord4613
ord1945
ord4273
ord4589
ord4899
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord5290
ord3748
ord1726
ord4432
ord560
ord813
ord5260
ord2535
ord4448
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord2880
ord4153
ord2383
ord5284
ord4437
ord4428
ord796
ord529
ord402
ord6000
ord2117
ord4457
ord5255
ord1895
ord4958
ord3407
ord4990
ord4927
ord4932
ord4937
ord4717
ord4688
ord4857
ord5018
ord5108
ord4912
ord4646
ord4980
ord4522
ord4993
ord4537
ord5075
ord4038
ord3281
ord3353
ord4626
ord457
ord749
ord4653
ord6194
ord1576
ord1665
ord2649
ord5283
ord4353
ord6374
ord5163
ord2382
ord5237
ord4407
ord1776
ord4077
ord6055
ord4152
ord2878
ord2879
ord3403
ord5472
ord976
ord5012
ord3351
ord4303
ord4467
ord5104
ord5100
ord3059
ord2390
ord2723
ord2101
ord5101
ord4245
ord1858
ord823
ord4957
ord4458
ord1168

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__CxxFrameHandler
_controlfp
_except_handler3
__dllonexit
_setmbcp
_stricmp

kernel32

UpdateResourceA
ReadFile
GetTickCount
Sleep
EndUpdateResourceA
GetLastError
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
CreateFileA
WriteFile
CloseHandle
BeginUpdateResourceA
FreeLibrary
LoadLibraryA
LoadResource
FindResourceA
SetFileTime
GetFileTime
ExitProcess
GetSystemDirectoryA
TerminateProcess
OpenProcess
WinExec
GetStartupInfoA
LocalAlloc
InterlockedExchange
RaiseException
GetFileSize

user32

GetInputState
PostThreadMessageA
GetMessageA
EnumWindows
wsprintfA
MessageBoxA
UpdateWindow
EnableWindow

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb694a22536c61bfd41fc75d5e8ebf6c

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 228KB - Virtual size: 453KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 228KB - Virtual size: 453KB

.rsrc
Size: 20KB - Virtual size: 17KB