gh0strat | c0b9e849609ba59c4678193e6773f161_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0b9e849609ba59c4678193e6773f161_JaffaCakes118
Size

118KB
MD5

c0b9e849609ba59c4678193e6773f161
SHA1

69464e616e13cd01ea3a748ed15ef0075e76c66d
SHA256

1a74eb532f732340de778487e7826f99da02f1ea730a0def399dda3973d0e618
SHA512

06933bc90e8ddcd3032a3f031e3c335d72b94cd56f9eb92961ea8642ab771930224dbf69be5ac206dd943f5aa2e37d9213721d0e76d01737095f5858286c02b3
SSDEEP

3072:f225Sy5aX1to9fOBqwTUoMtacdqA6Tw3+A6DUp5Ju1kE:O25Sy5S1t6fO41ak5uw3+A6IAX

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

c0b9e849609ba59c4678193e6773f161_JaffaCakes118
.exe windows:0 windows x86 arch:x86

Code Sign

11:af:28:14:42:7f:82:ba:46:04:40:ca:66:6c:74:95
Certificate

Issuer

CN=Qizhi Software (beijing) Co. Ltd

Not Before

31/12/2007, 16:00

Not After

31/12/9998, 16:00

Subject

CN=Qizhi Software (beijing) Co. Ltd

c1:74:21:75:01:51:1e:45:2c:c9:1c:c6:94:96:90:20:82:c7:01:8e
Signer

Actual PE Digest

c1:74:21:75:01:51:1e:45:2c:c9:1c:c6:94:96:90:20:82:c7:01:8e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

�p��
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ