gh0strat | b5aa734fb23c26f92d263dc0e56e0c6f1f7f2f49040fbad50745af46bc3b1028 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5aa734fb23c26f92d263dc0e56e0c6f1f7f2f49040fbad50745af46bc3b1028
Size

152KB
MD5

64372f2d7039d438abe0b0056a5713e0
SHA1

7dfd86d68b7cc4c79a365c20188b5d6befb0b6f0
SHA256

b5aa734fb23c26f92d263dc0e56e0c6f1f7f2f49040fbad50745af46bc3b1028
SHA512

bc5165158731ca09229430e0d28b23f202c84da6052feccfaba5bec9520521bdac0d9d49c052c256439d621f993d5ca394f1835fd17485f30d7b8073abe292b8
SSDEEP

3072:+BPSfxyOmPD8IW4+Pqbs0YPx5zcTBfthHr5VnFPn:+BGyPWbyFYPbzcTBlhHr7ndn

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b5aa734fb23c26f92d263dc0e56e0c6f1f7f2f49040fbad50745af46bc3b1028
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetResourceInformation
NPGetResourceParent

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ