Behavioral task: behavioral1
Sample: 1ec63d0bf7e93a2253f49d5c8c2489c71e3df4aa05452805ad8e1620c0ea632a.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 1ec63d0bf7e93a2253f49d5c8c2489c71e3df4aa05452805ad8e1620c0ea632a.exe
Resource: win10v2004-20220812-en
General
Target: 1ec63d0bf7e93a2253f49d5c8c2489c71e3df4aa05452805ad8e1620c0ea632a
Size: 180KB
MD5: 48f6263c520e3fe1ddf199b65044605f
SHA1: 492e2deb2efc6e0761fd10521ff49837d003a497
SHA256: 1ec63d0bf7e93a2253f49d5c8c2489c71e3df4aa05452805ad8e1620c0ea632a
SHA512: a3ba964215ffaffe01e7d0c2a08c7055f717ad405e1e7f734e997e89635239c81b4aff60a9825dcbd81a9814252ad91790a0fb4dd61122c135cf4e9ebaacef18
SSDEEP: 3072:aRp7Z8wtdFHfdVeHh53lfnZN9uciBM7WpIBCVghTbaesyv:aRp7ioFHfdADHGc20WpwCVghTbaO
Malware Config
Signatures
Gh0st RAT payload (1 IoCs)
resource | yara_rule
sample | family_gh0strat
Gh0strat family
Files
1ec63d0bf7e93a2253f49d5c8c2489c71e3df4aa05452805ad8e1620c0ea632a.exe (windows x86) d56a5e78575b5d632698e542b2ac6218
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
MoveFileA
FreeResource
SizeofResource
SetFileTime
LocalFileTimeToFileTime
FindFirstFileA
lstrcatA
GetSystemDirectoryA
LoadResource
FindResourceA
GetTickCount
GetFileAttributesA
ResumeThread
CreateProcessA
SetLastError
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
GetModuleHandleA
GetStringTypeA
LCMapStringW
LCMapStringA
lstrcmpiA
lstrlenA
lstrcpyA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
SetFilePointer
ReadFile
CloseHandle
GetLastError
GetProcessHeap
HeapFree
Sleep
ExitProcess
DeleteFileA
GetCurrentProcess
LoadLibraryA
SetThreadPriority
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
RtlUnwind
HeapReAlloc
HeapAlloc
RaiseException
GetStartupInfoA
GetVersion
VirtualFree
VirtualAlloc
IsBadWritePtr
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetStringTypeW
user32
wsprintfA
advapi32
CreateServiceA
RegQueryValueExA
GetUserNameA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
StartServiceA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
shell32
SHGetSpecialFolderPathA
netapi32
NetUserGetLocalGroups
NetApiBufferFree
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ