gh0strat | 916b8f35dc063eda07dc3510bc1ede85181e271ba3ffdf66fea70f6efd8f6980

General

Target

916b8f35dc063eda07dc3510bc1ede85181e271ba3ffdf66fea70f6efd8f6980
Size

160KB
MD5

095aaf8a346375b21d764263dbcb6fed
SHA1

924766c603f4b791a3dff61355850de94e27cb8e
SHA256

916b8f35dc063eda07dc3510bc1ede85181e271ba3ffdf66fea70f6efd8f6980
SHA512

88822c84d2820f4d63eaff30d5a71ac785738345d728a1999f39d44c34da330ecb850a3a136ba45118a6eb1ef770ad796daefb7cde9572e99feb75f5fece725b
SSDEEP

3072:VLmiWPqyB5l3velrtzEAuD+VI440oAm044HJKl:K3/elrV8+4xT4HJKl

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

916b8f35dc063eda07dc3510bc1ede85181e271ba3ffdf66fea70f6efd8f6980
.exe windows x86

f76204e9abbc43cf22ec93faf4cc0618

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetLocalTime
Sleep
CreateThread
FreeLibrary
GetCurrentProcessId
HeapAlloc
GetProcessHeap
MoveFileA
lstrcatA
lstrlenA
MultiByteToWideChar
GlobalUnlock
lstrcpyA
CloseHandle
GetLastError
GetCurrentProcess
GetModuleFileNameA
GetVersionExA
OpenProcess
GetStartupInfoA
LocalAlloc
InterlockedExchange
RaiseException
GetModuleHandleA

msvcrt

_ftol
strstr
rand
sprintf
strncpy
strchr
malloc
free
_except_handler3
ceil
atoi
wcscpy
strncmp
_errno
exit
strncat
atol
_beginthreadex
calloc
??1type_info@@UAE@XZ
__dllonexit
_onexit
_iob
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
strlen
??0exception@@QAE@ABV0@@Z
_strcmpi
_strupr
_strnicmp
_strrev
memmove
_CxxThrowException
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
strrchr
memcpy

urlmon

URLDownloadToFileA

netapi32

NetUserAdd
NetLocalGroupAddMembers

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart

userenv

CreateEnvironmentBlock

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f76204e9abbc43cf22ec93faf4cc0618

Headers

File Characteristics

Imports

kernel32

msvcrt

urlmon

netapi32

msvfw32

userenv

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1KB