gh0strat | 3a3d55955f9e7609329e09ebba05f1bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a3d55955f9e7609329e09ebba05f1bc_JaffaCakes118
Size

1.8MB
MD5

3a3d55955f9e7609329e09ebba05f1bc
SHA1

78e7f1e853774a02448597042816327631741fd4
SHA256

0e6824815f9cfe56d9d1f64acaa652ec4c2b72bf3319fcb4b8d060bd1e202fa7
SHA512

9a9960e8d3b10eb3c3223c9b0aae353cb8f507c018647a6ab73123b6354618cf20b244608be3f7893ed252cf39f70126b1db346d325eb65bbffe3909b7ffdea9
SSDEEP

49152:MTmSzZTmSz6TmSzFTmSz5TmSzuTmSz2TmSzPTmSzeTmSz:sdWR9Savi

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a3d55955f9e7609329e09ebba05f1bc_JaffaCakes118

Files

3a3d55955f9e7609329e09ebba05f1bc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f3477f1ac1047e28598f38183709b64f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysStringLen
SysFreeString

kernel32

SetEndOfFile
GetTempFileNameA
GetLongPathNameA
GetTempPathA
SetEnvironmentVariableA
LoadLibraryA
RaiseException
InitializeCriticalSection
GetTickCount
GetLastError
InterlockedExchange
LeaveCriticalSection
ExitProcess
GetSystemDirectoryA
GetVersionExA
GetSystemInfo
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetProcAddress
GetModuleHandleA
HeapFree
GetProcessHeap
HeapAlloc
DeleteFileA
RemoveDirectoryA
ExitThread
GetShortPathNameA
GetModuleFileNameA
IsBadReadPtr
IsBadStringPtrW
Module32Next
Module32First
FreeLibrary
VirtualProtect
lstrcmpA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetCommandLineA
WinExec
VirtualQuery
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesExA
lstrcmpiA
LocalAlloc

msvcrt

_strupr
_strlwr
_wcsicmp
_stricmp
_strnicmp
__CxxFrameHandler
_ftol
memmove
ceil
free
malloc
atoi
strchr
rand
srand
time
_except_handler3
wcstombs
_callnewh
strrchr
realloc
strncat
_CxxThrowException
strncmp
sprintf
_errno
atol
wcslen
_beginthreadex
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_memicmp

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymAddSymbol
SymCleanup
SymDeleteSymbol
SymEnumLines
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFromToken
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3477f1ac1047e28598f38183709b64f

Headers

File Characteristics

Imports

ole32

oleaut32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 7KB