gh0strat | 154c8a95fd4d6ad0bf8eab2b6cc59f10_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

154c8a95fd4d6ad0bf8eab2b6cc59f10_JaffaCakes118
Size

1.2MB
MD5

154c8a95fd4d6ad0bf8eab2b6cc59f10
SHA1

015ba438883b0940b5eaabe8c96e3818a4ab14e9
SHA256

cff9091d1888678fc961e8eea3a1afe74870247d4a08f24aa12834694851dc93
SHA512

380ad9698fa392317b48e463216fb0bba33e250ddd36a2c9f6467ad6fb718f7bc34f727d4534f5fddda44e690177c2ccc41de137b88f0e171a600bd7f07b750c
SSDEEP

24576:EZVzM+tK/2r7VT3Z/T3ZGtK/2r7VT3ZlT3ZbtK/2r7VT3ZYr7VT3ZDZVzY:uTpTsT/TLTETW

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
154c8a95fd4d6ad0bf8eab2b6cc59f10_JaffaCakes118

Files

154c8a95fd4d6ad0bf8eab2b6cc59f10_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DhcpAddServerDS
DhcpDeleteServerDS
DhcpDsAddServer
DhcpDsCleanupDS
DhcpDsDelServer
DhcpDsEnumServers
DhcpDsGetAttribs
DhcpDsGetLists
DhcpDsGetRoot
DhcpDsInitDS
DhcpDsSetLists
DhcpDsValidateService
DhcpEnumServersDS
StoreBeginSearch
StoreCleanupHandle
StoreCollectAttributes
StoreCreateObjectVA
StoreDeleteObject
StoreEndSearch
StoreGetHandle
StoreInitHandle
StoreSearchGetNext

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ