gh0strat | bfac46632334d820f1c8c40ab314f073_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfac46632334d820f1c8c40ab314f073_JaffaCakes118
Size

164KB
MD5

bfac46632334d820f1c8c40ab314f073
SHA1

dcae40e93542912f6eb8b06a02a9fe1d6ad56218
SHA256

5ef3504d251d421efcabbc645fcf64b373fe9bc06a4346635f8dd22637ba96ec
SHA512

3ba5d8185878873a9f7a8eb7d7fc008e55e0803218e70ca60d659f905de1bab29a8076c44392de784f54050010b3c6ad3d3704df8835fa2efb126a53b10f2b3a
SSDEEP

3072:uAXNVi6UT+T4AF8l7wcfxoWsmAaPdir0GalkIwO5jdr:uAL8CSfWyxdAolkIwOx

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfac46632334d820f1c8c40ab314f073_JaffaCakes118

Files

bfac46632334d820f1c8c40ab314f073_JaffaCakes118
.exe windows:4 windows x86 arch:x86

71e07ab929e12fbf4112496a8f8157d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
LockResource
GetProcAddress
LoadLibraryA
WaitForSingleObject
GetModuleHandleA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA

msvcrt

__setusermatherr
_adjust_fdiv
_initterm
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
__p__commode

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.reloc
.rsrc/BITMAP/103.bmp
.rsrc/MANIFEST/1
.xml
.rsrc/MENU/102
.rsrc/version.txt
.text