gh0strat | bc84c4c01121c211a134e4e4324dd545_JaffaCakes118 | Triage

Sharing

General

Target

bc84c4c01121c211a134e4e4324dd545_JaffaCakes118
Size

783KB
MD5

bc84c4c01121c211a134e4e4324dd545
SHA1

80f58489ab7dc1d054a87f17a0ebe683fc3a8f06
SHA256

370cc60c4179fc666f6dcc8d36cc896ca55cfb83e97ff1fc321a9f334e9acbc9
SHA512

ea31d563644085c35dfc35626985774caaaff7a71835a149bc9b611e039d479158f2128ce94a9a995495b6ef6cb107aaaf28aae45200fc2d67add9c2d02b773f
SSDEEP

12288:jfoZQG1PyUwGh3Q9xRQpR3PvGLxe0DMwRoZQp1PyUwGhxYVv:Tod1twGwkR3PIx7DBoe1twGCv

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc84c4c01121c211a134e4e4324dd545_JaffaCakes118

Files

bc84c4c01121c211a134e4e4324dd545_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.!rc!
Size: 171KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ChW8avWh
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

OZNFY7Rg
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IHJ3KUI5
Size: 294B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0ICFj14c
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AoRE
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ