gh0strat | f2558df89b7939072cacca03cd4b6cde0bc8f4ab629fe616d68c8c9676477a86

Sharing

Copy URL Twitter E-mail

General

Target

f2558df89b7939072cacca03cd4b6cde0bc8f4ab629fe616d68c8c9676477a86
Size

32KB
MD5

6b422f7c6a7cba896bd77b20fbfc4878
SHA1

56f4367abcbdbf699b8ae92e632f7f1c816bd9bb
SHA256

f2558df89b7939072cacca03cd4b6cde0bc8f4ab629fe616d68c8c9676477a86
SHA512

f985a5e53eb166615c0ca9f9ba2dd09d79fc7d5a459d3d3d11603e84221fdad6a8cc85150f396fbff30eeb5311139b24abb19cdb6c003f7c2ea3025d04de2bbe
SSDEEP

384:mpsA3BxWQCSwHycS0aV7cR7c5CDpv7h8MFomhsk0TTOXfBB2VhghIDjmZ:mpsARxTCPpS0gGcYl7h8QFvXfBWghMyZ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

f2558df89b7939072cacca03cd4b6cde0bc8f4ab629fe616d68c8c9676477a86
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

a2222
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

b3333
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

a4444
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

7CCC222
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

c5555
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

F6666
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

af9999
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

AAAAAA11
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

a2222 Size: 1KB - Virtual size: 1KB

b3333 Size: 3KB - Virtual size: 2KB

.text Size: 25KB - Virtual size: 24KB

a4444 Size: 5KB - Virtual size: 4KB

7CCC222 Size: 1024B - Virtual size: 864B

c5555 Size: 2KB - Virtual size: 2KB

F6666 Size: 512B - Virtual size: 400B

af9999 Size: 1KB - Virtual size: 1KB

AAAAAA11 Size: 8KB - Virtual size: 7KB

.bss Size: - Virtual size: 2KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

a2222
Size: 1KB - Virtual size: 1KB

b3333
Size: 3KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

a4444
Size: 5KB - Virtual size: 4KB

7CCC222
Size: 1024B - Virtual size: 864B

c5555
Size: 2KB - Virtual size: 2KB

F6666
Size: 512B - Virtual size: 400B

af9999
Size: 1KB - Virtual size: 1KB

AAAAAA11
Size: 8KB - Virtual size: 7KB

.bss
Size: - Virtual size: 2KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB