gh0strat | c97f5e4deef00f4e8286d4c1b27b660c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c97f5e4deef00f4e8286d4c1b27b660c_JaffaCakes118
Size

152KB
MD5

c97f5e4deef00f4e8286d4c1b27b660c
SHA1

6a44c4b03fd0b262d9cd6e86920e8516b6c808a3
SHA256

97e32d35e32121b73a545b78dfa77b54f7c1167c1737c6ebc27b7dec51756bc3
SHA512

cb6199b225dc38ef22ba0794b6585888302fdefd029811338b7b3cd789727a964c3f749f563426c169bf62c59390cdd4e72e678820542b1b6f28016ffe84e755
SSDEEP

3072:J4NlWA661UsP6UToXm/VOoaz+XTBftlZkSunD0:J4LWIx7oXmOF+XTBlkSunD

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c97f5e4deef00f4e8286d4c1b27b660c_JaffaCakes118

Files

c97f5e4deef00f4e8286d4c1b27b660c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetResourceInformation
NPGetResourceParent

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ