gh0strat | 85a24048a8c0c8066923a3ef6b25c20e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85a24048a8c0c8066923a3ef6b25c20e_JaffaCakes118
Size

196KB
MD5

85a24048a8c0c8066923a3ef6b25c20e
SHA1

a36356bdce86cd2f04b2f9f8e560967360689cc0
SHA256

960c423205fdab345f01bd21334f0c2767417344d6e9b6ad74e29395f56b5639
SHA512

8f0f2223c22c8a3c144792829f174a7006d220954cc4c290a6227ac11bc5541ef5a5f270b3884b81d24e4cc7fb1a05b8f9de7b102c82242eae1f8b955931b047
SSDEEP

3072:Ra+t8rLxh1NlaMhhkR4RDe95OyKaMsHkkCUXPQR:+9hU4e71MsHkkjq

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85a24048a8c0c8066923a3ef6b25c20e_JaffaCakes118

Files

85a24048a8c0c8066923a3ef6b25c20e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a0d0f1aa9a5448a09824f5e5d77a8a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
lstrlenA
GetProcAddress
MoveFileA
CreateThread
GetLocalTime
LoadLibraryA
GetModuleFileNameA
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
GetLastError
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegOpenKeyExA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ