gh0strat | 6237ace00e2f300e0bb29cf26b9ae4f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6237ace00e2f300e0bb29cf26b9ae4f2_JaffaCakes118
Size

111KB
MD5

6237ace00e2f300e0bb29cf26b9ae4f2
SHA1

4ca570ebefcf15539b2af5e23e5b3349f80143de
SHA256

e82c68322dfd4e6efff9bee90d4468f866b05def2467fc4778f25d936fabb1fc
SHA512

0f0399776c175a213d2b7516fab29419d9b0e487837dcccdc3060c44fd60b9dc5683e62d56c32853ace430a7a6eea3880a956d1b2dca529839bdf0ffcaec39fd
SSDEEP

1536:i8uMs+Jc7yvqPbsm8QfLpcILGoka7V2uJp1VcM/vfh7EP8Z8IeIgD31:+N+ibsmUul0uJXVb/Xh7EP88IeIgD

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6237ace00e2f300e0bb29cf26b9ae4f2_JaffaCakes118

Files

6237ace00e2f300e0bb29cf26b9ae4f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fa07ab3d4ffd7e44f6b08dcd17a1a90c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
LoadLibraryA
OutputDebugStringA
ExitProcess
SetFileAttributesA
SizeofResource
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
LoadResource
FindResourceA
lstrcatA
GetTempPathA
GetFileAttributesA
lstrlenA
SetUnhandledExceptionFilter
GetModuleHandleW
GetStartupInfoW

msvcrt

_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_mbsstr
__CxxFrameHandler

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 976B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 816B - Virtual size: 804B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 736B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ