gh0strat | bfb89a208f2edd2f6642f82572caecf5_JaffaCakes118 | Triage

Sharing

General

Target

bfb89a208f2edd2f6642f82572caecf5_JaffaCakes118
Size

196KB
MD5

bfb89a208f2edd2f6642f82572caecf5
SHA1

7f7084e9706181981606cf41ba8689ba0f38c47a
SHA256

9a7d411a0fc5ff7274a1bae678ade52458534562cb41c6c33e6b67cf3c2dae4a
SHA512

1a983b5fbfeea40072f6529e5a0a9c895446a48631908a2a45dbc3094040f5962dbb38e9dc5096e882e6d3d8c1d4b02dcf106ae88de4012a6761e4c9a4078019
SSDEEP

3072:Ka+tngL8hii3142BZc8yDS95OXGJYjH+k+OwPqq:TohC1S7pJYjH+ku9

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfb89a208f2edd2f6642f82572caecf5_JaffaCakes118

Files

bfb89a208f2edd2f6642f82572caecf5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a0d0f1aa9a5448a09824f5e5d77a8a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
lstrlenA
GetProcAddress
MoveFileA
CreateThread
GetLocalTime
LoadLibraryA
GetModuleFileNameA
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
GetLastError
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegOpenKeyExA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ