gh0strat | fa2540a12ddd0b915111d7107f6bd3f03f2b15b931136cd9d74d98a2860ac1c0

Sharing

Copy URL Twitter E-mail

General

Target

fa2540a12ddd0b915111d7107f6bd3f03f2b15b931136cd9d74d98a2860ac1c0
Size

587KB
MD5

141c6bcd9a9e70e449f9576b20d7cc31
SHA1

594b3726504f202e77f1488ffa4af3a9b1f54b95
SHA256

fa2540a12ddd0b915111d7107f6bd3f03f2b15b931136cd9d74d98a2860ac1c0
SHA512

cee2b96d8ada840e1e1129b1ca6801b2578bd55d199448f3241c55b2fa25e7fc8ce79c99d067317f50b4bb6be2ebb1e3845908f865a4583a2b6ef0d0ade99889
SSDEEP

12288:zcjrLQhTeGDF1r+TStBXvWyZ4uVNedGaHoM56ClXj/:zcjeTeGDF1r+TStBXhZPVNXkoM5/Xj/

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

fa2540a12ddd0b915111d7107f6bd3f03f2b15b931136cd9d74d98a2860ac1c0
.exe windows x86

d36554f4410db0ce993ec1f070f6a483

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avicap32

capGetDriverDescriptionA

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

kernel32

GlobalAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetVersion
GlobalLock
GlobalMemoryStatus
GetTickCount
GetSystemInfo
GetModuleFileNameA
GetStartupInfoA
OpenProcess
Process32Next
GlobalUnlock
GlobalFree
HeapAlloc
HeapFree
MultiByteToWideChar
Sleep
DeviceIoControl
GetCurrentProcess
MoveFileA
LocalAlloc
FindFirstFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetPrivateProfileStringA
lstrcmpA
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
InterlockedExchange
lstrcpyA
ResetEvent
WideCharToMultiByte
LeaveCriticalSection
LoadLibraryA
GetProcAddress
GetPriorityClass
LCMapStringW
LCMapStringA
SetFilePointer
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
CloseHandle
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
EnterCriticalSection
DeleteCriticalSection
RtlUnwind
ExitProcess
TerminateProcess
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetModuleHandleA
GetCommandLineA
TlsAlloc
SetLastError
RaiseException
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection

gdi32

CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject

advapi32

LookupAccountNameA
LsaClose
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
IsValidSid

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

winmm

waveInGetNumDevs
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveOutPrepareHeader
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveOutOpen
waveOutGetNumDevs
waveInStop
waveInOpen

urlmon

URLDownloadToFileA

netapi32

NetLocalGroupAddMembers
NetUserAdd

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.test
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ABCDr��
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d36554f4410db0ce993ec1f070f6a483

Headers

File Characteristics

Imports

avicap32

wininet

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

urlmon

netapi32

psapi

wtsapi32

Sections

.test Size: 487KB - Virtual size: 486KB

.data Size: 34KB - Virtual size: 502KB

.rsrc Size: 59KB - Virtual size: 59KB

ABCDr�� Size: 5KB - Virtual size: 5KB

Size: 512B - Virtual size: 512B

.test
Size: 487KB - Virtual size: 486KB

.data
Size: 34KB - Virtual size: 502KB

.rsrc
Size: 59KB - Virtual size: 59KB

ABCDr��
Size: 5KB - Virtual size: 5KB