Behavioral task: behavioral1
Sample: 5c2ba010764cdb443c955a6250c18bed_JaffaCakes118.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 5c2ba010764cdb443c955a6250c18bed_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5c2ba010764cdb443c955a6250c18bed_JaffaCakes118
Size: 196KB
MD5: 5c2ba010764cdb443c955a6250c18bed
SHA1: 38697e14c8fba511ccf4c0330feefa9d7ec62cf3
SHA256: 2db22beb9db876f268b5ede9a00387ee7e8b28b59211fab91cbab9d9812d526b
SHA512: 98dfebb1f0beba77e427140bf8060308563418c1919b899eac53c83be949c55c3df709c5cb7c3f5fd443f5d24315469a1900deb03b32898426fea28ed2f39ca9
SSDEEP: 3072:W7SBhy8t8EkLPoU/RGY/IN2F4BkJCBu5CxIhde0OFy4KjfZeICg:WEygksU/cY/IN2F4BkxVhoezZ15
Malware Config
Signatures
Gh0st RAT payload (1 IoC): resource: sample; yara_rule: family_gh0strat
Gh0strat family
Unsigned PE (1 IoC): checks for missing Authenticode signature. resource: 5c2ba010764cdb443c955a6250c18bed_JaffaCakes118
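The "Unsigned PE" signature above only means the image carries no embedded Certificate Table (data directory entry 4 of the optional header). The following is an added example, not part of the Triage report, that performs the same check with the standard library alone so it can be run on the sample or on any other PE; `build_minimal_pe32` is a constructed test image used to exercise the code offline and is not derived from the sample.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Certificate Table slot in the optional header's data directory


def authenticode_entry(data: bytes):
    """Return (file_offset, size) of the embedded Certificate Table, or None if the
    image carries no embedded Authenticode signature. Only the fields needed to reach
    the data directory are parsed; a malformed image raises ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    file_hdr = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", data, file_hdr + 16)[0]
    opt = file_hdr + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32, as for this 32-bit sample
        count_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+
        count_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, count_off)[0]
    entry = dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return None
    offset, size = struct.unpack_from("<II", data, entry)
    if offset == 0 or size == 0:
        return None
    # Unlike every other directory, this entry is a raw file offset, not an RVA.
    if offset + size > len(data):
        raise ValueError("certificate table points past end of file")
    return offset, size


def is_unsigned_pe(data: bytes) -> bool:
    """True when there is no embedded certificate table (what the report's 'Unsigned PE' flag means)."""
    return authenticode_entry(data) is None


def build_minimal_pe32(cert_size: int = 0) -> bytes:
    """Constructed test image (not the sample): DOS header + PE32 headers with 16 data
    directories and no sections. With cert_size > 0 a zero-filled blob is appended and
    referenced from the Certificate Table so the lookup path can be exercised offline."""
    opt_len = 96 + 16 * 8
    hdr_len = 0x40 + 4 + 20 + opt_len
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    # IMAGE_FILE_HEADER: i386, 0 sections, no timestamp/symbols, SizeOfOptionalHeader, EXECUTABLE|32BIT
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_len, 0x0102)
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, hdr_len, cert_size)
    image = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)
    if cert_size:
        image += bytes(cert_size)   # placeholder WIN_CERTIFICATE bytes, not a real signature
    return image


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print(sys.argv[1], "unsigned" if is_unsigned_pe(blob) else "certificate table at %r" % (authenticode_entry(blob),))
    else:
        print("no cert:", is_unsigned_pe(build_minimal_pe32()))
        print("cert:", authenticode_entry(build_minimal_pe32(cert_size=64)))
```

Two caveats when reading the result: the presence of a certificate table says nothing about whether the signature verifies (that needs signtool, osslsigncode or Get-AuthenticodeSignature against a trust store), and files signed only through a Windows catalog have no embedded table at all, so the heuristic is meaningful for third-party binaries like this one, not for OS components.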
Files
5c2ba010764cdb443c955a6250c18bed_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
ef69753dab5008b358f392bfa3155aa1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateDirectoryA
GetLocalTime
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
GetModuleFileNameA
OutputDebugStringA
GetWindowsDirectoryA
GetFileAttributesA
SetLastError
lstrcmpiA
lstrcpyA
GetProcAddress
GetTickCount
FindResourceA
CreateFileA
lstrlenA
SetFilePointer
GetCurrentProcess
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetLastError
GetModuleHandleA
HeapFree
LoadLibraryA
SetStdHandle
GetOEMCP
GetACP
RtlUnwind
RaiseException
HeapReAlloc
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
SetUnhandledExceptionFilter
VirtualFree
VirtualAlloc
IsBadWritePtr
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
IsBadReadPtr
IsBadCodePtr
GetCPInfo
FlushFileBuffers
user32
PostThreadMessageA
GetMessageA
wsprintfA
GetInputState
advapi32
RegDeleteValueA
OpenServiceA
StartServiceA
RegCreateKeyA
RegSaveKeyA
RegRestoreKeyA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
EqualSid
AddAce
GetAce
AddAccessAllowedAce
GetSecurityDescriptorControl
SetFileSecurityA
netapi32
NetUserGetLocalGroups
NetApiBufferFree
Sections
.text   Size: 32KB   Virtual size: 30KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 8KB    Virtual size: 4KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 16KB   Virtual size: 17KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 136KB  Virtual size: 133KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
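The import table above is the static evidence behind the family tag: advapi32 service-control calls (OpenSCManagerA, CreateServiceA, StartServiceA), registry writes, a file DACL rewrite sequence (GetFileSecurityA through SetFileSecurityA), and netapi32 local-group enumeration, alongside a 136KB .rsrc section in a 196KB file. The following is an added triage script, not part of the Triage report, that parses the report's flat import listing into capability buckets and flags capability sets that are incomplete in the import table; the bucket names, the REQUIRED heuristic and the constructed REPORT_IMPORTS excerpt (copied from the listing above) are this example's own, and the "resolved via GetProcAddress" note is a hypothesis to check, not a finding of the report.

```python
import re
from collections import OrderedDict

# Capability buckets keyed on the ANSI export names exactly as the report lists them.
CAPABILITIES = {
    "service-install":     {"OpenSCManagerA", "CreateServiceA", "StartServiceA", "OpenServiceA"},
    "registry-write":      {"RegCreateKeyA", "RegCreateKeyExA", "RegSetValueExA", "RegDeleteKeyA",
                            "RegDeleteValueA", "RegSaveKeyA", "RegRestoreKeyA"},
    "token-privilege":     {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "file-dacl-rewrite":   {"GetFileSecurityA", "SetFileSecurityA", "InitializeAcl", "AddAce",
                            "AddAccessAllowedAce", "GetSecurityDescriptorDacl"},
    "process-launch":      {"CreateProcessA"},
    "dynamic-api-resolve": {"LoadLibraryA", "GetProcAddress"},
    "resource-access":     {"FindResourceA", "LoadResource", "SizeofResource"},
    "local-group-enum":    {"NetUserGetLocalGroups"},
}
# Members a capability needs end to end; a gap is flagged because the missing call may
# be resolved at run time through GetProcAddress rather than through the import table.
REQUIRED = {
    "service-install":   {"OpenSCManagerA", "CreateServiceA"},
    "token-privilege":   {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "file-dacl-rewrite": {"GetFileSecurityA", "SetFileSecurityA"},
    "resource-access":   {"FindResourceA", "LoadResource", "SizeofResource"},
}


def parse_import_listing(text):
    """Parse the report's flat 'Imports' listing: a lowercase module line (kernel32, advapi32, ...)
    followed by one imported function per line."""
    imports, current = OrderedDict(), None
    for raw in text.splitlines():
        name = raw.strip()
        if not name:
            continue
        if re.fullmatch(r"[a-z0-9_]+", name):
            current = name
            imports[current] = []
        elif current is not None:
            imports[current].append(name)
    return imports


def classify(imports):
    """Return ({capability: [matched imports]}, [notes about incomplete capability sets])."""
    present = {fn for fns in imports.values() for fn in fns}
    hits, notes = {}, []
    for cap, names in CAPABILITIES.items():
        matched = sorted(names & present)
        if not matched:
            continue
        hits[cap] = matched
        missing = sorted(REQUIRED.get(cap, set()) - present)
        if missing:
            notes.append("%s: %s not imported (check for GetProcAddress resolution)" % (cap, ", ".join(missing)))
    return hits, notes


def writable_executable_sections(sections):
    """sections: [(name, {flags})]. Names of sections that are both writable and executable,
    the usual sign of code unpacked in place. Empty for the section table in this report."""
    return [n for n, flags in sections if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= flags]


# Constructed input: the advapi32/netapi32 blocks and the relevant kernel32 names copied from the report.
REPORT_IMPORTS = """
kernel32
CreateProcessA
GetProcAddress
FindResourceA
LoadLibraryA
advapi32
RegDeleteValueA
OpenServiceA
StartServiceA
RegCreateKeyA
RegSaveKeyA
RegRestoreKeyA
OpenSCManagerA
CreateServiceA
OpenProcessToken
LookupPrivilegeValueA
RegSetValueExA
GetFileSecurityA
InitializeAcl
AddAce
AddAccessAllowedAce
SetFileSecurityA
netapi32
NetUserGetLocalGroups
"""
REPORT_SECTIONS = [
    (".text",  {"IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"}),
    (".rdata", {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"}),
    (".data",  {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"}),
    (".rsrc",  {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"}),
]

if __name__ == "__main__":
    hits, notes = classify(parse_import_listing(REPORT_IMPORTS))
    for cap, fns in hits.items():
        print("%-20s %s" % (cap, ", ".join(fns)))
    for n in notes:
        print("note:", n)
    print("W+X sections:", writable_executable_sections(REPORT_SECTIONS) or "none")
```

Run against the full listing, the notable gaps are AdjustTokenPrivileges (imported are only OpenProcessToken and LookupPrivilegeValueA) and LoadResource/SizeofResource next to FindResourceA; with LoadLibraryA and GetProcAddress also imported, those are the first names to look for in the strings or in a debugger before concluding the capability is absent. None of the four sections is writable and executable, which is consistent with a plain unpacked image rather than an in-place unpacker.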