gh0strat | 85fa34032f563aa45286f4c07f8923a1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85fa34032f563aa45286f4c07f8923a1_JaffaCakes118
Size

315KB
MD5

85fa34032f563aa45286f4c07f8923a1
SHA1

004e2e0b90c97d95113b690c805b4257a84e0618
SHA256

1333fd8d93713ce58d8c076e4ccf9a67c36c70cacfd1f35d2961dde1ded11cd3
SHA512

640cca84d5a84d9440cef61112bf81148f6500b75bd8edc090c00d4cf63e9a7c640e15ae25868756174a6747860fc5386e73af460be529b239c5aa079f4159da
SSDEEP

6144:TVGgdx9tSUEZuwgrGXGqoA8nT+6eyW9Qmfs:TICdSU6O/JnTFeyW97s

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85fa34032f563aa45286f4c07f8923a1_JaffaCakes118

Files

85fa34032f563aa45286f4c07f8923a1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asef
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE