gh0strat | 2638f6325d34c401059da0b2c33ba8d8472d7c28869f5bb47aad4122478f310d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2638f6325d34c401059da0b2c33ba8d8472d7c28869f5bb47aad4122478f310d
Size

453KB
MD5

69a0b66fb9fe30eb607dd9371dde9afb
SHA1

57844573cc2f084ca092e56023e4f85b31ab4698
SHA256

2638f6325d34c401059da0b2c33ba8d8472d7c28869f5bb47aad4122478f310d
SHA512

81082ce5502b1622591bf5e7045d96a6f6bc40cabc9776310312bebd0fcd4a5aee37d0986c9619b87809ab4d72d889e85b1f513fc0b7814ffda3a203e28c8061
SSDEEP

6144:uiTLiWBqkL7t9J5Zg3LwvI8qqFfaEc1H2s8CWtDHCQZibeLm/JHERFx:V9Bqkd9rZIkNqqJZc8ZCW99oOm/JkRX

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

2638f6325d34c401059da0b2c33ba8d8472d7c28869f5bb47aad4122478f310d
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vsp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE