JustTempFun
Behavioral task
behavioral1
Sample
81e46be0cb151d66b5bd422528ffab37_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
81e46be0cb151d66b5bd422528ffab37_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
81e46be0cb151d66b5bd422528ffab37_JaffaCakes118
-
Size
84KB
-
MD5
81e46be0cb151d66b5bd422528ffab37
-
SHA1
d71ac138dbfa069c88e9aa239d55c94dfa088c42
-
SHA256
61f68d3d924510e7c83516699349c45308dec2485d15bcee111ee3bb6ada5717
-
SHA512
1c1722f9e70d2f61494a20edda32639183e357cafa3741cef8853b5a9246d63bfb5446e5166fc21dbd3baa1bffe02429947aaf03d07955b24a512953506e6d23
-
SSDEEP
1536:Tyn/zLB79H6r7Tw9NdFJOSL+YQtfAEAif0GweFcoAjfMG8npPEe8qZJYqZRt:Tyn/zL76r7Tw9NdFJOpl3fQeFDADMG8B
Malware Config
Signatures
-
Gh0st RAT payload 1 IoCs
resource yara_rule sample family_gh0strat -
Gh0strat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 81e46be0cb151d66b5bd422528ffab37_JaffaCakes118
Files
-
81e46be0cb151d66b5bd422528ffab37_JaffaCakes118.exe windows:4 windows x86 arch:x86
450862660bd786726387f19d70e667fd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
CreateDirectoryA
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
lstrcmpA
DeleteFileA
GetFileAttributesA
SetLastError
lstrcmpiA
lstrcpyA
FindResourceA
LoadResource
SetFileTime
SizeofResource
lstrlenA
CloseHandle
GetProcAddress
MultiByteToWideChar
ExitProcess
GetSystemDirectoryA
lstrcatA
GetLastError
GetTempPathA
GetWindowsDirectoryA
FreeLibrary
LoadLibraryA
SetFileAttributesA
user32
GetMessageA
PostThreadMessageA
wsprintfA
GetInputState
advapi32
RegCloseKey
CreateServiceA
CloseServiceHandle
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityA
StartServiceA
OpenServiceA
OpenSCManagerA
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_except_handler3
realloc
malloc
strlen
strchr
strcat
memset
memcpy
??2@YAPAXI@Z
strcspn
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
strcmp
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
netapi32
NetUserGetLocalGroups
NetApiBufferFree
Exports
Exports
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ