gh0strat | 41425bc63e5c5f8c1c27ed423ca17c49_JaffaCakes118 | Triage

Sharing

General

Target

41425bc63e5c5f8c1c27ed423ca17c49_JaffaCakes118
Size

319KB
MD5

41425bc63e5c5f8c1c27ed423ca17c49
SHA1

6a0d298b800dc534fe03075d1975babb803a2b49
SHA256

9dc2b78996c3a9d8a503fea7e9302975f5cf3ce93bc04c5f8e4443c0c0d49c20
SHA512

203a3464be3c6b0e35f2d22252b1ffbcf06895eebb12d26b144334679d856421d8245014e5e84220464ca1c50c23038be91428064ed381569d130793308dbfc0
SSDEEP

6144:v7iqvdXjlwTctvD1f+2epcnjSczeINziZuxXbsRoMA94L6p64jCJ9aJ9Vw:v7igdXxwINw2yccI8ZAVMA94L6p642Cc

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41425bc63e5c5f8c1c27ed423ca17c49_JaffaCakes118

Files

41425bc63e5c5f8c1c27ed423ca17c49_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ResetSSDT
ServiceMain

Sections

.textbss
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 312KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 94B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ