gh0strat | bef563d6f91fc4cb7f038ead74d86309_JaffaCakes118 | Triage

Sharing

General

Target

bef563d6f91fc4cb7f038ead74d86309_JaffaCakes118
Size

426KB
MD5

bef563d6f91fc4cb7f038ead74d86309
SHA1

111426bc504fde5a376f2acec1a02f8d21e1c323
SHA256

ccc1009362f2cac4dd44285190ce28df252ef95bf4dcc2e094ae18d5929427c4
SHA512

3e7cde075e23b236f9b2778b6b1a303643f70bffa0e6b778df9ed42a663caa1ad0d4e429495dc5c5ed07fccd6e674a503eb4b4dfcb479fda9ba4a067c61dc050
SSDEEP

6144:qexrS9j0YKTs4KOxXF2idZecnl20lHRxp3gYRpqY/E1CU8fBIlHh+F9WuvEhK:xxrE0lnF3Z4mxxpRprMoU8fWlhapX

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bef563d6f91fc4cb7f038ead74d86309_JaffaCakes118

Files

bef563d6f91fc4cb7f038ead74d86309_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 322KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE