gh0strat | 4f89f768c37e9e58de25a1dc52666a26054f15cd6c9b40421aaccfba4a590222 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f89f768c37e9e58de25a1dc52666a26054f15cd6c9b40421aaccfba4a590222
Size

152KB
MD5

41176c8bf75b6469141a552079b2d0a4
SHA1

07d662e7544b510a5af3223014b20214f9970a4f
SHA256

4f89f768c37e9e58de25a1dc52666a26054f15cd6c9b40421aaccfba4a590222
SHA512

7d982de6bb6e2fdade49ec80107d554e8f2323f9685a7f05bf282406894d633d65defbef7b6091e07f2dc1618e45ddbfd8ab488fde313667298939a6b2cf0a38
SSDEEP

3072:VORtKm6tPvjUosLefKycXI/vthPCcTBftp5inVP3:ARz6t1sLeCDI//PCcTBlpAnN3

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

4f89f768c37e9e58de25a1dc52666a26054f15cd6c9b40421aaccfba4a590222
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetResourceInformation
ServiceMain

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE