gh0strat | 7bd6bb72369ff7d0d4159e34229f1ddb724f895e8369388101999b77fe5e9a62 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7bd6bb72369ff7d0d4159e34229f1ddb724f895e8369388101999b77fe5e9a62
Size

131KB
MD5

afcc198ca46208356357e4635d13130a
SHA1

de3dd18ee2e37cb9f333dfaea43a7c8ce89a54a8
SHA256

7bd6bb72369ff7d0d4159e34229f1ddb724f895e8369388101999b77fe5e9a62
SHA512

e6d8b6235658a15d240c2c64ce2898bbc5c73a42207a7978fe3dbdc0477d501079518310d20f677fba6887a65293ea8ff079948bbd29760d8cc7a1f7d5fc5270
SSDEEP

3072:gu+uqlgByBTEur7VsuRh/DBiE/8bNJFX6ccx+tJdnJ0:g0DyBTE0V1LDw5N3qccqJdnJ0

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

7bd6bb72369ff7d0d4159e34229f1ddb724f895e8369388101999b77fe5e9a62
.exe windows x86

Code Sign

0c:f7:b9:3c:1a:63:f4:49:c2:c8:cf:5a:89:0a:d7:ce:41:e5:15:d6
Signer

Actual PE Digest

0c:f7:b9:3c:1a:63:f4:49:c2:c8:cf:5a:89:0a:d7:ce:41:e5:15:d6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ