gh0strat | ba42274ac68fc512e5d56e35b50a83f0_JaffaCakes118 | Triage

Sharing

General

Target

ba42274ac68fc512e5d56e35b50a83f0_JaffaCakes118
Size

141KB
MD5

ba42274ac68fc512e5d56e35b50a83f0
SHA1

4850334d7199b83d8cfd2f26becab6491008d310
SHA256

64f498a80d5dc1551fc3a6309e3d17de81ed39eb2ce49d2458332cd4a7343d40
SHA512

c513a93ad0da97f90f7ed330027974f2f6638571ff02dbed4255c2d3660d19707038d54f0217da0f558a7e0396cf38c6c12b4c3ccfa39b9ffdc375f7bc7a2ff7
SSDEEP

3072:N9+lMKlrBOTI8h7UVuRh/DBiEQcaKPpcDsJZ9:Nt0OTI0UQLDw8aipcQZ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba42274ac68fc512e5d56e35b50a83f0_JaffaCakes118

Files

ba42274ac68fc512e5d56e35b50a83f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ