gh0strat | 14e90c82c6b95dc429c8a124b436954ca29e1392c2645ee216804e4309e9f7ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14e90c82c6b95dc429c8a124b436954ca29e1392c2645ee216804e4309e9f7ab
Size

100KB
MD5

04acbcb0cf799787f1f1906174c9c7e5
SHA1

975ba7bea30ca3ec1e7845868ffbbf53591aade6
SHA256

14e90c82c6b95dc429c8a124b436954ca29e1392c2645ee216804e4309e9f7ab
SHA512

dd46bfedd549cb7816645076709dae17b1dca5f63655cca04d810c7248c0aa7cfc1d1eb166849ec38254fea055f8c8c4275fbf75188229652b66099dbf0dd0a9
SSDEEP

3072:KtwZSQdKa3VGVnpUl8z7l4/9xpEAhP5Ouyce5iG:KIJVGpT49b/rOuyce4G

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

14e90c82c6b95dc429c8a124b436954ca29e1392c2645ee216804e4309e9f7ab
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

EndWork
Runing
`erviceMain
Working

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Zero
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE