gh0strat | 4d42f9c620b3e0799eb0010adbd8effe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d42f9c620b3e0799eb0010adbd8effe_JaffaCakes118
Size

909KB
MD5

4d42f9c620b3e0799eb0010adbd8effe
SHA1

ea785bd458cf401bc73491ecbe83ad537388e24d
SHA256

a5ec8412a4e92b0f664dc6cbd1c0f4f10e651e8fad30c93f91553e4d138def5f
SHA512

60ee87e9dcdc34a7e82fae8b24966221776546b7e1a93531b83c6b094a50b683a1f107124033469510fa6a85085e19aade7102e30f829dc82b9c3308af652aa3
SSDEEP

12288:b3c0q8d8pgaMuyjm9+oAvsSVdKz6rT97xYneEkLxYneEkT9Cg:7Xq8bzk+oAvtX7xYrkLxYrkhX

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d42f9c620b3e0799eb0010adbd8effe_JaffaCakes118

Files

4d42f9c620b3e0799eb0010adbd8effe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

PS�ի��
Size: 703KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!rc!
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

?K
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ