gh0strat | 8a1640afa8b0e3716a1ec8a8c3dc62343fd6f4f779f775f2dfbb10cb0aa31f60 | Triage

Sharing

General

Target

8a1640afa8b0e3716a1ec8a8c3dc62343fd6f4f779f775f2dfbb10cb0aa31f60
Size

152KB
MD5

54d497d166e66df61e976f1389949b20
SHA1

9c9ce8282a0ac7e60a8fecef8f859cf444f29cc2
SHA256

8a1640afa8b0e3716a1ec8a8c3dc62343fd6f4f779f775f2dfbb10cb0aa31f60
SHA512

a5f235453b1130a6d03faa46f054e249b40c01ca8984716826a714e63d2cec49561949bd22eee55fd53babdf3aee6de06ff3812f4d44a7805e33b1f018cbaf46
SSDEEP

3072:hwQyDOyAuqDi0zWcCUPu0YYkw1VlBfU+opiSn7P7:hwEy0z7JTYY11VlBM+opvnT7

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

8a1640afa8b0e3716a1ec8a8c3dc62343fd6f4f779f775f2dfbb10cb0aa31f60
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetResourceInformation
NPGetResourceParent

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ