gh0strat | 23a4399a3d5f2774f60d995037afb215defe79832bf8461038b5ee52a08025e2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23a4399a3d5f2774f60d995037afb215defe79832bf8461038b5ee52a08025e2
Size

260KB
MD5

b1f6f0a2bd756d6a309ebb21ddb37d5d
SHA1

e078a316c3705e7b0ffb04d251ecf6abe0e01e93
SHA256

23a4399a3d5f2774f60d995037afb215defe79832bf8461038b5ee52a08025e2
SHA512

ad6878a850ad1a1a18cd71297e72055d45cdb59f0d742d7a380a6551cbc55e85df3644698bde51348179813da30b1fa017b7e11ffc5aee96b547aea582571606
SSDEEP

3072:Glys+BwtF+LOUp6YT4a0pxNbWwIKsYSSCRJajBEkjUuViXEFUkSw81ShLOUpjXLj:Gc5bAYUaosYS37aykzVciUkSw81yX

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

23a4399a3d5f2774f60d995037afb215defe79832bf8461038b5ee52a08025e2
.exe windows x86

ec4ed1db2686e010c9dd5d27306f859e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryExA
CloseHandle
FreeResource
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
WaitForSingleObject
CreateEventA
lstrcatA
GetWindowsDirectoryA
GetModuleHandleA
LoadLibraryA
GetLastError
RaiseException
InterlockedExchange
GetStartupInfoA
LocalAlloc
FreeLibrary

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
__getmainargs
exit
_XcptFilter
_exit
srand
rand
sprintf
_acmdln

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ