gh0strat | 21bff97038cc027a65e1ee4e06f05820c53ee8012965f0ae6643dc8ba36e4849 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21bff97038cc027a65e1ee4e06f05820c53ee8012965f0ae6643dc8ba36e4849
Size

379KB
MD5

62a0c255528d26bf1b205857d61916c0
SHA1

85f4e73e6dcf118a7941612fff47aaf5186e8f10
SHA256

21bff97038cc027a65e1ee4e06f05820c53ee8012965f0ae6643dc8ba36e4849
SHA512

0cedcdbfc15dbf5ec84e6e274e97b4ebb42f13a3c4bf75b08ad57800ec9c7c562ff60329ccc3bcf02c9bb531a11b5a520fedc5cd4aa553daa8f1ff631b1a267c
SSDEEP

6144:ic3G3hB0wRWvl2M6SqTcZGeBP838m9ANWYF1fnV7Ztmffk6wPKYeeqo:SsNt6BIR9vzfhmfc4w

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

21bff97038cc027a65e1ee4e06f05820c53ee8012965f0ae6643dc8ba36e4849
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.se0
Size: - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.se1
Size: 194KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.se2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE