gh0strat | JaffaCakes118_57d22a6b79d5acc5cf998c8a4c1c4b35 | Triage

Sharing

General

Target

JaffaCakes118_57d22a6b79d5acc5cf998c8a4c1c4b35
Size

37KB
MD5

57d22a6b79d5acc5cf998c8a4c1c4b35
SHA1

182400d197136a41298d08f9c5969aa04705a5dc
SHA256

d1c9a737130972f95391e5b7c8c97d6616a4d10dd8136868a016dd8a4d6a5f12
SHA512

7a2eba3d0e94f60e2453cc8eb0d7d79736c8d6f253b671f031be63a7bc2c8df50a6a80dcaa7846f85651d98e62951078c2e7825c3e2904547ae4860914b5a72d
SSDEEP

768:OhPjT88fvkqKC3/O1abOxZJKtjRATHWLZC9TrA+f7lTbTJTpPZ3q7:OVH8Oku3/4TxZJKtjmqL+Trl5TbTDZ3G

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_57d22a6b79d5acc5cf998c8a4c1c4b35

Files

JaffaCakes118_57d22a6b79d5acc5cf998c8a4c1c4b35
.exe windows:4 windows x86 arch:x86

f683366ddf493cd68d5fc61a44ca3135

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
Sleep
SetUnhandledExceptionFilter
GetModuleFileNameA
ExpandEnvironmentStringsA
SetLastError
lstrcmpiA
lstrlenA
lstrcpyA
FindResourceA
LoadResource
LockResource
SizeofResource
ExitProcess
lstrcatA
GetLastError
GetModuleHandleA
GetStartupInfoA

user32

PostThreadMessageA
GetInputState
wsprintfA
GetMessageA

advapi32

CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA

msvcrt

??1type_info@@UAE@XZ
_controlfp
_except_handler3
strchr
fclose
fwrite
fopen
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
strstr
??3@YAXPAX@Z
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ