Behavioral task
behavioral1
Sample
c1ed9d0a4b62627f2fc3d4f1df1b7b15_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c1ed9d0a4b62627f2fc3d4f1df1b7b15_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
c1ed9d0a4b62627f2fc3d4f1df1b7b15_JaffaCakes118
-
Size
111KB
-
MD5
c1ed9d0a4b62627f2fc3d4f1df1b7b15
-
SHA1
b5c10d044557ae2ddf9a6d87b8d71a91e9e758aa
-
SHA256
b5695fb00d177566e45eaf2138beb96c3d6bc28bb72cb5823d0b68646c9e53d3
-
SHA512
0fb3e63f44a1f71c1964bcdb86178070fee8fe29761eba568bdea76e0855c970c011285e85b4f6bbbca7a9a7f44a3d82f3689346a51e4c892e0c36c2ade4ace8
-
SSDEEP
3072:5a7WZsGA6P1XhkUVg8H8pd9Ti6mki1z3:5a7ssOtx1geCd9i6Vi1b
Malware Config
Signatures
-
Gh0st RAT payload 1 IoCs
resource yara_rule sample family_gh0strat -
Gh0strat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c1ed9d0a4b62627f2fc3d4f1df1b7b15_JaffaCakes118
Files
-
c1ed9d0a4b62627f2fc3d4f1df1b7b15_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ