gh0strat | 1112c9c11cd18d7412c1ff88ea26bb14_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1112c9c11cd18d7412c1ff88ea26bb14_JaffaCakes118
Size

104KB
MD5

1112c9c11cd18d7412c1ff88ea26bb14
SHA1

1a34209b358c37cb3d9f91f868e752ddc465258f
SHA256

b86417203ff4476bdcd9fe0422e87b2454ae179483be69cc6f624f385c2cc177
SHA512

493cd79857ecb4ebb1051c7dd9ed6844ae297e55aaa3ceb04df10299bec443fcf4a49acf5fa9a3b7eec549c065cf5de9a48ca9d52f24e4bdb13c66ab84774027
SSDEEP

1536:KAFa3/ythxowIdSgb+rb516csuRci/APfBiE/uP2ow7hJFXJ:bFyATE+H7VsuRh/oBiE/3bNJFXJ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1112c9c11cd18d7412c1ff88ea26bb14_JaffaCakes118

Files

1112c9c11cd18d7412c1ff88ea26bb14_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ServiceMain

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.Silvana
Size: 336B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ