gh0strat | 58c71e5c379010d8f97afc212b6db09da880b6cff2b4666300f998513be64c3d

Sharing

Copy URL Twitter E-mail

General

Target

58c71e5c379010d8f97afc212b6db09da880b6cff2b4666300f998513be64c3d
Size

1.1MB
MD5

388e50431a75d3a6cc0db2c778d0f2fc
SHA1

440bfc2647ccb5595a81ee01bb9b94dd63b11694
SHA256

58c71e5c379010d8f97afc212b6db09da880b6cff2b4666300f998513be64c3d
SHA512

37bb4a331605749ca92b1e29ca825efd34ddca07919aa11b57a99d1370f55b40129ac76ce16a1e9849072e7dd8451bd00456a8099cf94a830acf930dae2d2cec
SSDEEP

24576:ZlZskR3PIx7DvPoiAMIt/njiEAJ7sDo/Q0Xe31twGM:Zjs+CvNATiEAp/OFD

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

58c71e5c379010d8f97afc212b6db09da880b6cff2b4666300f998513be64c3d
.exe windows x86

5f2df7257758bf2707e2911007001ebd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
CreateThread
LoadLibraryA
FindResourceA
GetModuleHandleA
LocalAlloc
LocalFree
GetCommandLineW
GlobalAlloc
GlobalFree
SetEvent
CreateProcessA
ExitProcess
GetTickCount

user32

GetClientRect
GetWindowRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
ShowWindow
UpdateWindow
CreateWindowExA
LoadBitmapA
SendMessageA
DestroyWindow

Sections

.!rc!
Size: 81KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ChW8avWh
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

OZNFY7Rg
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IHJ3KUI5
Size: 294B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0ICFj14c
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AoRE
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 88KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dyamarC
Size: 355KB - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dyamarD
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f2df7257758bf2707e2911007001ebd

Headers

File Characteristics

Imports

kernel32

user32

Sections

.!rc! Size: 81KB - Virtual size: 176KB

ChW8avWh Size: 3KB - Virtual size: 4KB

OZNFY7Rg Size: 300KB - Virtual size: 304KB

IHJ3KUI5 Size: 294B - Virtual size: 4KB

0ICFj14c Size: 14KB - Virtual size: 24KB

.AoRE Size: 1KB - Virtual size: 2KB

.data Size: 88KB - Virtual size: 280KB

.dyamarC Size: 355KB - Virtual size: 628KB

.dyamarD Size: 16KB - Virtual size: 16KB

.rsrc Size: 284KB - Virtual size: 284KB

.!rc!
Size: 81KB - Virtual size: 176KB

ChW8avWh
Size: 3KB - Virtual size: 4KB

OZNFY7Rg
Size: 300KB - Virtual size: 304KB

IHJ3KUI5
Size: 294B - Virtual size: 4KB

0ICFj14c
Size: 14KB - Virtual size: 24KB

.AoRE
Size: 1KB - Virtual size: 2KB

.data
Size: 88KB - Virtual size: 280KB

.dyamarC
Size: 355KB - Virtual size: 628KB

.dyamarD
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 284KB - Virtual size: 284KB