gh0strat | 8edcaf4f211c71d43093faae2851601d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8edcaf4f211c71d43093faae2851601d_JaffaCakes118
Size

183KB
MD5

8edcaf4f211c71d43093faae2851601d
SHA1

2de53c8c8bbe29c76ab0f453328881aeb65f94c4
SHA256

337ac01e015ce101d3ddef8011eaf9123020a97f745c2ccc618ab21620c930dd
SHA512

3fdcedc207b4661dcd3149846b9fcae5b1bb21d98340d9e2b2383e621229b40d8ba161fbcddf57ee6f5cd8fcde11642fe849d682ae636a25d31e917fce21310c
SSDEEP

3072:y4z1/IpQ5dSTids7xEm5K7oIzKlkcw+gF48UJpOVnjwZOL9GlD3PPPPPPPPPPPPf:xhu4s7lG+kdLF4DJpAnjnGlD3PPPPPPf

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8edcaf4f211c71d43093faae2851601d_JaffaCakes118

Files

8edcaf4f211c71d43093faae2851601d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ESV
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE