gh0strat | fb211f7c28a80df6c0cbd4196e46c74f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb211f7c28a80df6c0cbd4196e46c74f_JaffaCakes118
Size

130KB
MD5

fb211f7c28a80df6c0cbd4196e46c74f
SHA1

197a8210ff7edb55d2b110f04e693725b10f9a84
SHA256

47ad37718a313277bcba516a2afdaa7f4504a2eb5bf0ed45126f0b7866732b0a
SHA512

2f92e5fb15cb6059374e5ce762e63ad960ef9c3b276dd59edb897a43a4ce75a921c5b768de0636627a84a7fb2fb87d99c5930e2a6ae9ad0fc49e1641badc965a
SSDEEP

1536:7q4SlDCMzWtQnd7qwIRR6DcBec9eWf6aeGb5ETDTm7l7Ewqkf:pSl2MytwgecBeeeA6aeI5KDTmB7E6f

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb211f7c28a80df6c0cbd4196e46c74f_JaffaCakes118

Files

fb211f7c28a80df6c0cbd4196e46c74f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 816B - Virtual size: 810B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ