gh0strat | 390a02e9e759dee7e98a8b183a7af93e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

390a02e9e759dee7e98a8b183a7af93e_JaffaCakes118
Size

1.5MB
MD5

390a02e9e759dee7e98a8b183a7af93e
SHA1

71d881aac568ecfd0c45928d422320fb66c2b567
SHA256

beacdc7f3d4858ec8254ec03a5f5fbe5f40bc355f08702527579a965986cec70
SHA512

ae0cf2627ade3cb2a462086081a8790e4f8c15d46be80ebc3012bb161a2ad87c691baf15b93d0d83352472fa64926f996d8eaf66cdd40f2c699c68b2cafcf074
SSDEEP

24576:Pq6cwVQQxfnr+TK7r79/ZzvVsFRkzisM5i4A:PqH

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
390a02e9e759dee7e98a8b183a7af93e_JaffaCakes118

Files

390a02e9e759dee7e98a8b183a7af93e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ