gh0strat | 443e0776684667b3920d4a6a5e9eb62a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

443e0776684667b3920d4a6a5e9eb62a_JaffaCakes118
Size

152KB
MD5

443e0776684667b3920d4a6a5e9eb62a
SHA1

e0fa8e3802c6c17af88e7f7b6ac9494615312f5b
SHA256

1fadf170195188ba67ea3d28af8b040f0ac51b7f1ca1a235a5c1e222ed94eb38
SHA512

28424b30f6dd02b213fbaa562c40e31d7d9a5d030976d6708a2f35aeab8a2370c15cbb1b1508adee2454087b39767ad145815558ea5462e98320ce013aa87ded
SSDEEP

3072:3hkjTBwQfdtG79onTCBvqYzVKBaUi5zMy7oidb2bl:+jTBwudSSkKk1xjkidA

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
443e0776684667b3920d4a6a5e9eb62a_JaffaCakes118

Files

443e0776684667b3920d4a6a5e9eb62a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7dc55f70c806d53cf7af9f7f3cd8ee9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrcatA
GetModuleHandleA
GetLastError
FreeLibrary
CreateToolhelp32Snapshot
DeleteFileA
MoveFileA
CloseHandle
lstrlenA
SetFileTime
LocalFileTimeToFileTime
FindFirstFileA
CreateFileA
GetTickCount
ReadFile
SetFilePointer
ExitProcess
GetLocalTime
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
WinExec
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA

msvcrt

??3@YAXPAX@Z
strstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??2@YAPAXI@Z
strchr
_except_handler3
malloc
_strcmpi
_strrev

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ