gh0strat | e561bfec4da9710685cc7b2f0ce1d07a415930bc65bb154f63980d1ead87a92a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e561bfec4da9710685cc7b2f0ce1d07a415930bc65bb154f63980d1ead87a92a
Size

148KB
MD5

80a5b31c3a2a63fb8a3bab2ed005ad20
SHA1

18521fae09ca9e034cd3ed9917697dc6b7ac488b
SHA256

e561bfec4da9710685cc7b2f0ce1d07a415930bc65bb154f63980d1ead87a92a
SHA512

63323d68e8dd5ef3a3b514cbfb7617f796168feae90fe540bb4712e93cb51408e729ff27b3ca2a11bbcc87f38d1581ffdecc9562d238864708d7b50f036256a3
SSDEEP

3072:XdntmFypFOD+5BGBIJTj8V4l5LpfTBftMnWpn9VRI:ttM2qIJUV4lJpfTBlMnWpn9V

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

e561bfec4da9710685cc7b2f0ce1d07a415930bc65bb154f63980d1ead87a92a
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CertSrvBackupClose
CertSrvBackupEnd
CertSrvBackupFree
CertSrvBackupGetBackupLogsW
CertSrvBackupGetDatabaseNamesW
CertSrvBackupGetDynamicFileListW
CertSrvBackupOpenFileW
CertSrvBackupPrepareW
CertSrvBackupRead
CertSrvBackupTruncateLogs
CertSrvIsServerOnlineW
CertSrvRestoreEnd
CertSrvRestoreGetDatabaseLocationsW
CertSrvRestorePrepareW
CertSrvRestoreRegisterComplete
CertSrvRestoreRegisterThroughFile
CertSrvRestoreRegisterW
CertSrvServerControlW
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ