gh0strat | d6e8637ca30a51258c19b893284a6579_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6e8637ca30a51258c19b893284a6579_JaffaCakes118
Size

203KB
MD5

d6e8637ca30a51258c19b893284a6579
SHA1

29ccd4f777aad67613520401bce12e5fb6dea46f
SHA256

42bc33347ad8d18d0fe4cd9a0cb0df75c70fb8e43a063a151220e7656eef9caa
SHA512

5dcb5a3f73611fcd1ba6c911aab1e774630e8578d56e576b40ac0ba23492dee1b9fc99fa6b6dab0fb95fb65863c31ca1cefb1a298e4ff4ab788a2fc447d5a380
SSDEEP

6144:AsYy5nW8QH5BGyPWbyFYPbzcTBlhHrzndntAdY:1rW8MebEYPbzcT32G

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6e8637ca30a51258c19b893284a6579_JaffaCakes118

Files

d6e8637ca30a51258c19b893284a6579_JaffaCakes118
.exe windows:0 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NewSec
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE