gh0strat | ffb9fcfc9abc49c83c38b7a60068f28a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffb9fcfc9abc49c83c38b7a60068f28a_JaffaCakes118
Size

99KB
MD5

ffb9fcfc9abc49c83c38b7a60068f28a
SHA1

0aa21e3663266c0e68c5455c0cda5da4a2e5033b
SHA256

16c349e435fc1a824621ad17a97f9222ccc7a2d400adb8fbcf06da402c07cfa1
SHA512

6ec97bbe3b45540809ca5be54c2dc0eef55e76cc8f4eb3b222072ca81925d79f0a8febe9f3248187d5ec32586b6e9fa6682638bdc6349d37341f82e96caf7270
SSDEEP

3072:TfYQg/wMURUQctaceq0tu3/f1IkUM/YU1O:jYD/w49a/FUf1HUM0

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffb9fcfc9abc49c83c38b7a60068f28a_JaffaCakes118

Files

ffb9fcfc9abc49c83c38b7a60068f28a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ResetSSDT
ServiceMain

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ