gh0strat | 25b7dda378cfe70390bffa5bfb3bf48f16f0325acf5de3dd0a2229b799fd6d30

Sharing

Copy URL Twitter E-mail

General

Target

25b7dda378cfe70390bffa5bfb3bf48f16f0325acf5de3dd0a2229b799fd6d30
Size

50KB
MD5

96968c15a9561a34d7265686024efe30
SHA1

a3f753733020476fb08ef229b6d75f10010a2a40
SHA256

25b7dda378cfe70390bffa5bfb3bf48f16f0325acf5de3dd0a2229b799fd6d30
SHA512

4f4b2c06d0a62bb7bd7e324c7f38b9f629c254cad43746b11f1725c29a60f718e3da4f4c10d5cb7a2091777dada420306cc370d4a627d8a1077f2c40ae4aacf1
SSDEEP

768:A22Cx8+U053sh4gGcAVkh5TI0Df+OaMKnGp34QUkrNxPY4:A2288z09s0cBT7f+OaMKKoGrY

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

25b7dda378cfe70390bffa5bfb3bf48f16f0325acf5de3dd0a2229b799fd6d30
.dll windows x86

175fb5458feb576ef743e30e72a659f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetTickCount
GetProcAddress
LoadLibraryA
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
WriteFile
LocalFree
ReadFile
LocalAlloc
PeekNamedPipe
WaitForMultipleObjects
lstrlenA
DeviceIoControl
SetLastError
GlobalMemoryStatus
GetVersionExA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
lstrcatA
SetUnhandledExceptionFilter
FreeConsole
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetLastError
Sleep
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateFileA
CreateEventA

user32

OpenWindowStationA
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenInputDesktop
OpenDesktopA
SetProcessWindowStation
wsprintfA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus

msvcrt

free
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
_CxxThrowException
_ftol
strncpy
strrchr
malloc
printf
wcstombs
_beginthreadex

ws2_32

gethostbyname
socket
ntohs
recv
htons
select
send
gethostname
getsockname
connect
setsockopt
WSAIoctl
closesocket
WSAStartup
WSACleanup

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile

avicap32

capGetDriverDescriptionA

Exports

Exports

InitDialog
ServiceMain
Update

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

175fb5458feb576ef743e30e72a659f3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

wininet

avicap32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB