gh0strat | f5274b22fc4fc29be34ba813d75465067defc5456981e8efd2cc48cd723c3629 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5274b22fc4fc29be34ba813d75465067defc5456981e8efd2cc48cd723c3629
Size

74KB
MD5

648bd48d94c3c52226c0d92fdcc31400
SHA1

72dce4a3ef4449a3cbfb8f4eeb85b8adf5b98636
SHA256

f5274b22fc4fc29be34ba813d75465067defc5456981e8efd2cc48cd723c3629
SHA512

7edad4e118f579387637764a0b8f43344ba65a5d979eae5d5c4795ce607b820aac6ffebef0d8a4c2727c50e2df01ee93094ad63602b6865ba498d4e7eff8e087
SSDEEP

1536:sH97SasXGmB5oN6jIKnaoZXDlc8SGTfhuEnUcUyrZ:sdrw5IKaolDlfSGzhuELUkZ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

f5274b22fc4fc29be34ba813d75465067defc5456981e8efd2cc48cd723c3629
.exe windows x86

017e2db6cb79659fd22f2b831f8655ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
ResetEvent
lstrcpyA
SetEvent
Sleep
CreateProcessA
lstrlenA
FreeLibrary
ExitThread
CreateThread
GetTickCount
WinExec
GetModuleFileNameA
OpenEventA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc

msvcrt

_onexit
__dllonexit
free
__CxxFrameHandler
calloc
_beginthreadex
strchr
strncat
exit
printf
time
srand
strstr
atoi
_except_handler3
malloc
strrchr
??2@YAPAXI@Z
_ftol
ceil
memmove
??3@YAXPAX@Z
rand
_strnicmp

mfc42

ord800
ord2764
ord4129
ord6648
ord537
ord926
ord924
ord922
ord535
ord858
ord6663
ord860
ord4278
ord2818
ord939
ord6877
ord540

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ