gh0strat | b733d197fdfe1774d1abc104a622b2ae_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b733d197fdfe1774d1abc104a622b2ae_JaffaCakes118
Size

223KB
MD5

b733d197fdfe1774d1abc104a622b2ae
SHA1

ce91fefad60af876893448d36afaabd59d067da5
SHA256

049d52865c071a0269e5ce1425fa30cf9c22cb2ffa7c49e263041d44e180e9e0
SHA512

664092e72972f71db7e8ba38b1dfc7a5086c691b9c9724d0e33fe16414f105fb33c94e4ace1f5efbab3b39db5ab94cdf10fd77732f8eb72cc173c5df2d40375b
SSDEEP

6144:ZZM4nDWgRAkPwUrWbi7cJVGpxx9bowZuw34GHeqoh:1R3PwUdoJI3Lo+ST9

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b733d197fdfe1774d1abc104a622b2ae_JaffaCakes118

Files

b733d197fdfe1774d1abc104a622b2ae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.YunShas
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 306B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.maomao
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sample~