gh0strat | bf21ac21bf9c97c5ab8dfb00fdb527fb24fea9b808d3e002fc62b010462985f5

Sharing

Copy URL Twitter E-mail

General

Target

bf21ac21bf9c97c5ab8dfb00fdb527fb24fea9b808d3e002fc62b010462985f5
Size

104KB
MD5

f54753d35eb6dc675fb4e397d43c109c
SHA1

41392dc88e85b64af5105c327d73456eedfc7cc8
SHA256

bf21ac21bf9c97c5ab8dfb00fdb527fb24fea9b808d3e002fc62b010462985f5
SHA512

d7e711c8c3c48ed2ec9a3469995f65dc2887df3c503410bbcc848251f1dceaeef6adf0d6d9f9f51465d1f2298046b7c1381144406475056857d77fc49978c3ed
SSDEEP

3072:3aMWVU0yJR1w4dKZUVc+qJwVU6qQ7MO2J7Q:KMWVUtD24dmGJVVrXAfJ7Q

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

bf21ac21bf9c97c5ab8dfb00fdb527fb24fea9b808d3e002fc62b010462985f5
.exe windows x86

9d2b1840cf2d6fe9105ea6541babe953

Code Sign

10:85:ff:d3:42:7f:aa:d7:cb:67:db:0e:26:1e:be:9b:5a:3c:d4:59
Signer

Actual PE Digest

10:85:ff:d3:42:7f:aa:d7:cb:67:db:0e:26:1e:be:9b:5a:3c:d4:59

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
lstrcatA
GetTempPathA
GetFileAttributesA
GetSystemDirectoryA
LocalFileTimeToFileTime
lstrlenA
GetModuleFileNameA
SetUnhandledExceptionFilter
ReleaseMutex
GetLastError
CreateMutexA
GetCommandLineA
GetCurrentThreadId
SetFileTime
SizeofResource
WriteFile
CloseHandle
MoveFileA
SetFileAttributesA
DeleteFileA
ExitProcess
Sleep
OutputDebugStringA

user32

GetMessageA
EnumWindows
GetClassNameA
SetWindowPos
PostThreadMessageA
GetInputState

advapi32

RegCreateKeyExA
RegCloseKey
StartServiceA
ControlService
ChangeServiceConfigA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegSetValueExA

msvcrt

_mbsstr

Sections

ASPack
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ASPack
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ASPack
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d2b1840cf2d6fe9105ea6541babe953

Code Sign

10:85:ff:d3:42:7f:aa:d7:cb:67:db:0e:26:1e:be:9b:5a:3c:d4:59Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

ASPack Size: 2KB - Virtual size: 2KB

ASPack Size: 1KB - Virtual size: 1KB

.rsrc Size: 99KB - Virtual size: 99KB

ASPack Size: 2KB - Virtual size: 2KB

10:85:ff:d3:42:7f:aa:d7:cb:67:db:0e:26:1e:be:9b:5a:3c:d4:59
Signer

01/01/0001, 00:00
Valid: false

ASPack
Size: 2KB - Virtual size: 2KB

ASPack
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 99KB - Virtual size: 99KB

ASPack
Size: 2KB - Virtual size: 2KB