gh0strat | JaffaCakes118_5348f38d5da6d941fa7ace5eddb245d0 | Triage

Sharing

General

Target

JaffaCakes118_5348f38d5da6d941fa7ace5eddb245d0
Size

156KB
MD5

5348f38d5da6d941fa7ace5eddb245d0
SHA1

fa6c23789e16be41eee183dc6199ff53a42aca8b
SHA256

3c13fdfc8f840fcc62c2310fce7a2e4e51397ac00e6bd98ce24f972530ef7272
SHA512

1daae845424a6908cefe022053cc4fab0bba2058c50dfe8e804911fcc6bfa4cf4149c13f4938799560fa5ca00cacb1606f83d8e3156eec8cb4eabfb071a09292
SSDEEP

3072:aCig2TRyeUf+QPVcr6enHz82vaQW4x65OaJ0sJj52X:acOO+JOeJDWY8VJ0sJjcX

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5348f38d5da6d941fa7ace5eddb245d0

Files

JaffaCakes118_5348f38d5da6d941fa7ace5eddb245d0
.exe windows:4 windows x86 arch:x86

3a53fa64e77a3642c97f2e2af68ea245

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetFileTime
LocalFileTimeToFileTime
GetTickCount
GetStartupInfoA
FreeLibrary
LoadLibraryA
OutputDebugStringA
GetModuleHandleA
GetProcAddress
CloseHandle

user32

UpdateWindow
ShowWindow

shell32

SHGetSpecialFolderPathA

shlwapi

PathFileExistsA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
strlen
_except_handler3
strcat
fclose
fwrite
fopen
__CxxFrameHandler
_exit
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ