Behavioral task
behavioral1
Sample
5ea98b8cecbcda1591c5965289f21af1_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
5ea98b8cecbcda1591c5965289f21af1_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
5ea98b8cecbcda1591c5965289f21af1_JaffaCakes118
-
Size
192KB
-
MD5
5ea98b8cecbcda1591c5965289f21af1
-
SHA1
c12c608192362e4eb7c73dde5393302ee4f8e306
-
SHA256
625cc45e67b4dc8b51b8a8be38dd31f9fea31b0c7a9bd8c32419bece587ec8c2
-
SHA512
87d77dfebdb4f8cab90e0f1365ef7b69766727028bc6937c5a6435f1244a34da3efa80348862821592f98f18c8cdefc7785b6847f7b6f8420867f1f2259cf217
-
SSDEEP
6144:Yx5p5bqUqaRoKr63eQrlx5p5bqUqaRoKr63eQrc:QuXK6Z9uXK6Z
Malware Config
Signatures
-
Gh0st RAT payload 1 IoCs
resource yara_rule sample family_gh0strat -
Gh0strat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5ea98b8cecbcda1591c5965289f21af1_JaffaCakes118
Files
-
5ea98b8cecbcda1591c5965289f21af1_JaffaCakes118.exe windows:4 windows x86 arch:x86
07d82eb186c3ba414033113e457c5755
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
CloseHandle
WriteFile
LockResource
CreateFileA
LoadResource
SizeofResource
FindResourceA
shell32
ShellExecuteA
Sections
.text Size: 1024B - Virtual size: 652B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 190KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ