gh0strat | JaffaCakes118_566f6e07fdf5e84cecdd1d8d0964ae93 | Triage

Sharing

General

Target

JaffaCakes118_566f6e07fdf5e84cecdd1d8d0964ae93
Size

1.5MB
MD5

566f6e07fdf5e84cecdd1d8d0964ae93
SHA1

97d42ecdb23cb0596a61404940797b9baeca05cb
SHA256

2a142a9dbba0a2f50dfeb5e16e002c39a4f2c5d549c34bc6d3568330c2822271
SHA512

dcf961f4b28f45cc0b3e8348cf72de38990b3070afd074d5efb41c96911d28dba946b884104fbd450c1aa81e8e488453d1c904fe7aa79d264be7b080e984d4b5
SSDEEP

3072:v8D8rUrdScVjFaQegjGOLvtXyWeRATBftSmDhvJ0NsXDhJILW8:g0MjFa4jGYIWeRATBlSmNyY1OLW8

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_566f6e07fdf5e84cecdd1d8d0964ae93

Files

JaffaCakes118_566f6e07fdf5e84cecdd1d8d0964ae93
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CLSID_CfgComp
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IID_ICfgComp

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ