gh0strat | 5cef9aa9a68de0559779e615b10e9a9f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5cef9aa9a68de0559779e615b10e9a9f_JaffaCakes118
Size

136KB
MD5

5cef9aa9a68de0559779e615b10e9a9f
SHA1

4d39dd91a6fcf70a0b995cbc23d3c96890a92007
SHA256

d8e453bb5e4c1a13c52eae1fbcc89f5e5ddc5b6504049dba4f307316b88f31d3
SHA512

349abe60e945ad2d0f73deaa5899bb8f1473ed2740f7b43b0207c966a92ce0110325e8575656633ac89a95087875e1ad9bc603683a18f44887558314efde0faf
SSDEEP

3072:3boSQ6ysR0pLYpV7P/Hdfq3vhdMmtuG3EsmzUyAZdsL:3b66ysR0elAvHJtf3EsmtAbM

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cef9aa9a68de0559779e615b10e9a9f_JaffaCakes118

Files

5cef9aa9a68de0559779e615b10e9a9f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c7c5769b9fd39d95b05d3ab322af7f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
ReleaseMutex
GetCommandLineA
Process32First
GetCurrentThreadId
GetStartupInfoA
Process32Next
CloseHandle
GetModuleFileNameA
SetFilePointer
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
lstrcmpiA
SetLastError
GetTempPathA
GetTickCount
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SizeofResource
WriteFile
FreeResource
MoveFileA
DeleteFileA
ExitProcess
LoadLibraryA
lstrcatA
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
HeapFree
Sleep
lstrlenA
CreateThread

user32

LoadIconA
LoadCursorA
RegisterClassExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
SendMessageA
PostThreadMessageA
GetTopWindow
GetWindowRect
WindowFromPoint
CreateWindowExA
GetCursorPos
IsWindow
SetForegroundWindow
GetWindow
GetClassNameA
GetWindowTextA
SetCursorPos
GetDesktopWindow
mouse_event
GetInputState

advapi32

EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityA
LookupAccountNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
CloseServiceHandle
OpenSCManagerA
StartServiceA
OpenServiceA
GetUserNameA
GetAce

msvcrt

realloc
malloc
__CxxFrameHandler
_CxxThrowException
strchr
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__setusermatherr
??2@YAPAXI@Z
_except_handler3

netapi32

NetUserGetLocalGroups

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c7c5769b9fd39d95b05d3ab322af7f2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 844B

.rsrc Size: 122KB - Virtual size: 121KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 844B

.rsrc
Size: 122KB - Virtual size: 121KB