gh0strat | f074a83267bf905bfdece404c4af90b1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f074a83267bf905bfdece404c4af90b1_JaffaCakes118
Size

30KB
MD5

f074a83267bf905bfdece404c4af90b1
SHA1

0d4a598d1d7beb50ae77532ead3f1bb3e569b5db
SHA256

7897a41e8d33ed1bbb1cdc3411001d8fdf315f2b357ce7a67068b7c0d19c3b68
SHA512

3c5d6b06d50fd4db86ac3ecbdc638ce99538b371e524cb65e0fc752abec2cc6e22f4e67fe993e7bfbe715699bd0b483b3b1ef077bcc6b5381fcb92eef000e9d7
SSDEEP

768:YHmfevA2wvPq1xEmpA/uw3N4eUxHJhb3rKXa:T+wvlaA/z3BUxzb3m

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f074a83267bf905bfdece404c4af90b1_JaffaCakes118

Files

f074a83267bf905bfdece404c4af90b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d34d5210bd5c0e6c45e636ae869679a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SizeofResource
CreateFileA
LoadResource
FindResourceA
GetLastError
OpenProcess
Process32Next
ProcessIdToSessionId
Process32First
CreateToolhelp32Snapshot
GetProcAddress
CloseHandle
FreeLibrary
lstrlenA
LoadLibraryA
GetEnvironmentVariableA
GetModuleFileNameA
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
GetSystemDirectoryA
FreeResource
WinExec
GetModuleHandleA
GetStartupInfoA

user32

wsprintfA

advapi32

ImpersonateLoggedOnUser
GetUserNameA
RevertToSelf
OpenProcessToken

msvcrt

realloc
malloc
fclose
fprintf
fopen
printf
_stricmp
sprintf
strrchr
strchr
strstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ