gh0strat | a7bbf965c5c143387fc3c37dcd21e0cb_JaffaCakes118

General

Target

a7bbf965c5c143387fc3c37dcd21e0cb_JaffaCakes118
Size

151KB
MD5

a7bbf965c5c143387fc3c37dcd21e0cb
SHA1

2a2ca06fa29fe24a92762ce243154456eeb99e85
SHA256

5b89bffe786de45a668c79575f16f1c2795421ec8cbf526fb26113121add0f4a
SHA512

ae4b650e0af68d86524f6aac9e6cf9d4745bb0c718a2c5cdcd2acaf2a5202e330e0caaabb6d35a38f9c9ce8afaba7cb1246b609d639a24f8845a29d725541309
SSDEEP

3072:rfKWmqu/yQH6bz/L50pBk6YuxLW5Hd8wAn0XtHL27hAtvKlhz:rin/yQH6bzD50rTto5H+9otH0hApM

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7bbf965c5c143387fc3c37dcd21e0cb_JaffaCakes118

Files

a7bbf965c5c143387fc3c37dcd21e0cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80b2dcaec61e2f28ce74745d5c4a4915

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
lstrcatA
ExitProcess
Process32Next
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcess
TerminateProcess
OpenProcess
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryA
DeleteFileA
SetFileAttributesA
MoveFileA
FreeResource
lstrlenA
WriteFile
SizeofResource
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
GetTickCount
GetTempPathA
lstrcpyA
lstrcmpiA
SetLastError
GetFileAttributesA
lstrcmpA
Sleep
ReadFile
SetFilePointer
GetModuleFileNameA
GetLocalTime
SetUnhandledExceptionFilter
GetCurrentThreadId
WinExec
CreateThread
CreateMutexA
GetCommandLineA
SetProcessShutdownParameters
LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA

msvcrt

__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??2@YAPAXI@Z
strrchr
strchr
malloc
realloc
_except_handler3
_strrev
_stricmp

Exports

Exports

JustTempLMHK

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80b2dcaec61e2f28ce74745d5c4a4915

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 135KB - Virtual size: 134KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 135KB - Virtual size: 134KB