gh0strat | 7895ceba37b212bf8377b16a3263c2ed_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7895ceba37b212bf8377b16a3263c2ed_JaffaCakes118
Size

121KB
MD5

7895ceba37b212bf8377b16a3263c2ed
SHA1

841dfd8264d74803b45d4c50a2773a076ace8b3b
SHA256

9c9b893d44b726e6c7eb53ce0aae2851ac3b1ca681dc2bf313886fbf6304728f
SHA512

e9da3549001a33f9088e6b7154b789d6196781a6d7c484d6c11bb1b6bb74c656038377a1efb6a7998dd8a4d8edd9593a1f3fa7e0abf63c92de011dead657d8f0
SSDEEP

3072:GgqYxbHFZvr5ai3ZW8Z4aBTZF+AsOW1zjw7KD7ekBc8KE:GMBHF1r4x8Z1+r1vGKD71Oy

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7895ceba37b212bf8377b16a3263c2ed_JaffaCakes118

Files

7895ceba37b212bf8377b16a3263c2ed_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4b4f623d3388513c4416ddbf2f78662e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
lstrcpyA
lstrlenA
SetLastError
CloseHandle
Process32Next
lstrcmpiA
Process32First
GetProcAddress
LoadLibraryA
SizeofResource
LockResource
LoadResource
FindResourceA
GetLastError
WinExec
lstrcatA
ExpandEnvironmentStringsA
ExitProcess
Sleep
GetCommandLineA
GetModuleFileNameA
GetCurrentProcess
DeleteFileA
CopyFileA
MoveFileExA
GetWindowsDirectoryA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

??3@YAXPAX@Z
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strstr
_except_handler3
__CxxFrameHandler
fopen
fwrite
??2@YAPAXI@Z
fclose

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ