gh0strat | 75b80e09e7e7e26956497b83699548aa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

75b80e09e7e7e26956497b83699548aa_JaffaCakes118
Size

152KB
MD5

75b80e09e7e7e26956497b83699548aa
SHA1

12ee438cd102bb7c80858d439e1c127de0c6b814
SHA256

53167b9c1c48315fc6b881b09ae4cab42ff49c20b221d240c1dee68d618b5559
SHA512

6526197a2684873d13103df52bea28982bee7aea583e321879aeb6c1affa66f37e5057b25bf6bdb29ffac597006812dd71de39a7956769d1656b540e3a7fa5a2
SSDEEP

3072:me6zg+GbqWhxhUcFhcoDCecDjD9PTBftb3znpI:WzUbLhoR2c3hPTBlb3znp

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75b80e09e7e7e26956497b83699548aa_JaffaCakes118

Files

75b80e09e7e7e26956497b83699548aa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AutoDialFunc
CmCustomDialDlg
CmCustomHangUp
CmReConnect
GetCustomProperty
InetDialHandler
RasCustomDeleteEntryNotify
RasCustomDial
RasCustomDialDlg
RasCustomEntryDlg
RasCustomHangUp

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ