gh0strat | JaffaCakes118_4e1b273409efaa704bc1721a127166d0 | Triage

Sharing

General

Target

JaffaCakes118_4e1b273409efaa704bc1721a127166d0
Size

98KB
MD5

4e1b273409efaa704bc1721a127166d0
SHA1

ba4fd086e28058d9426374717809d7f1b20e990f
SHA256

56dc37020648a0dbbc1d5126b4e87de1c83e62a28f66ab15da24cd875fc96c47
SHA512

70dff1358373cd7fdc815cf8726ef3d7f1a428a94dc5bbba1825c5bc06ebfdb36b912822358bbaf58e363f91c56d3f69aa5b72908cf0c9d5ae9f2d35b1574ba7
SSDEEP

3072:/Ad6qZLVZFOnHlFVB4MkwaCmTw+dj3dgkv:IdtdVKbVST/CCw+p3dP

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4e1b273409efaa704bc1721a127166d0

Files

JaffaCakes118_4e1b273409efaa704bc1721a127166d0
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ServiceAV1
ServiceAV2
ServiceAV3
ServiceAV4
ServiceAV5
ServiceMa

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.kylin
Size: 1024B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE