gh0strat | 6ff2a4ca1236a40cdbde74c086a949d5_JaffaCakes118 | Triage

Sharing

General

Target

6ff2a4ca1236a40cdbde74c086a949d5_JaffaCakes118
Size

223KB
MD5

6ff2a4ca1236a40cdbde74c086a949d5
SHA1

5f451121f14af83791655ad6117813b2facfd963
SHA256

05ff107131d3bb78a5d1b9ace8b07ee9552eab5c9476eed3dba6d730fc9b9d35
SHA512

d8f8335cafb6b6991bc7763549cb4dd21b305ccba93c14e439d64cf412dc4e0f84dce3cf4043fb2dfd3087de2747f2e119a3900daa8dc8558d5ab8fb9beb928f
SSDEEP

6144:ZZM4nDWgRAkPwUrWbi7cJVGpxx9bKwZuwk4GHeqo:1R3PwUdoJI3LK+RT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ff2a4ca1236a40cdbde74c086a949d5_JaffaCakes118

Files

6ff2a4ca1236a40cdbde74c086a949d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.YunShas
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 306B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.maomao
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sample~