Behavioral task
behavioral1
Sample
4d42f9c620b3e0799eb0010adbd8effe_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
4d42f9c620b3e0799eb0010adbd8effe_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
4d42f9c620b3e0799eb0010adbd8effe_JaffaCakes118
-
Size
909KB
-
MD5
4d42f9c620b3e0799eb0010adbd8effe
-
SHA1
ea785bd458cf401bc73491ecbe83ad537388e24d
-
SHA256
a5ec8412a4e92b0f664dc6cbd1c0f4f10e651e8fad30c93f91553e4d138def5f
-
SHA512
60ee87e9dcdc34a7e82fae8b24966221776546b7e1a93531b83c6b094a50b683a1f107124033469510fa6a85085e19aade7102e30f829dc82b9c3308af652aa3
-
SSDEEP
12288:b3c0q8d8pgaMuyjm9+oAvsSVdKz6rT97xYneEkLxYneEkT9Cg:7Xq8bzk+oAvtX7xYrkLxYrkhX
Malware Config
Signatures
-
Gh0st RAT payload 1 IoCs
resource yara_rule sample family_gh0strat -
Gh0strat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4d42f9c620b3e0799eb0010adbd8effe_JaffaCakes118
Files
-
4d42f9c620b3e0799eb0010adbd8effe_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
PS�ի�� Size: 703KB - Virtual size: 704KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.!rc! Size: - Virtual size: 280KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
?K Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mackt Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 194KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ