gh0strat | 411e2e476c01eae283f4b5ae15a62ee40e5d0c73d0c90c3a28da6989eb2cd410 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

411e2e476c01eae283f4b5ae15a62ee40e5d0c73d0c90c3a28da6989eb2cd410
Size

54KB
MD5

30169ecef41fb4165812f7c4abe4e881
SHA1

e938889f8540e9ab0608cbcc0eabb7d6452a11a0
SHA256

411e2e476c01eae283f4b5ae15a62ee40e5d0c73d0c90c3a28da6989eb2cd410
SHA512

d738ad67537e5cfed33f915d34a1711e3dc9277c86587f79aa92dc4abb4e056e72caea846510df07d6f041a36b6c9638d3cfab7686b0ca2fad550c4b9b479268
SSDEEP

1536:IY5ZNAUp+pGtfaN5WY0xXwBvYcCC/mkWC:n5ZGO/svYcokW

Score

10^/10

upx gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_gh0strat

Gh0strat family
gh0strat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

411e2e476c01eae283f4b5ae15a62ee40e5d0c73d0c90c3a28da6989eb2cd410
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ