gh0strat | 01aa0a89b8b402514948760e54fd4024_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01aa0a89b8b402514948760e54fd4024_JaffaCakes118
Size

684KB
MD5

01aa0a89b8b402514948760e54fd4024
SHA1

1dbbf734fe5184e3a9e2bce0ac8efd4ddc24bc53
SHA256

e5deb64b3944c799fe839add39ae2bceff097c47b289e54fd1285e48b2b3ebb6
SHA512

4485d9fe7f5c29500093e24c7ba6ce95c828d4045d1afaba778212978b1ba2789bb3679731239605df12e8f3351c3db0c8fa595ef634ab81ab32619d3493754a
SSDEEP

3072:B6zQH3gccRUz3PdGez2wW8JFKMTBftsx/JJg6BOiD47y:gUH3yCfUeO0KMTBlsxJ2RiE7y

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01aa0a89b8b402514948760e54fd4024_JaffaCakes118

Files

01aa0a89b8b402514948760e54fd4024_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CoCreateActivity
CoEnterServiceDomain
CoLeaveServiceDomain
CoLoadServices
ComSvcsExceptionFilter
ComSvcsLogError
CosGetCallContext
DispManGetContext
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetMTAThreadPoolMetrics
GetManagedExtensions
GetObjectContext
GetTrkSvrObject
MTSCreateActivity
MiniDumpW
RecycleSurrogate

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ