gh0strat | 8285a755293170b3ec2d58ba9d33363b823ca2f61907a03290b92aeca037d7a2

General

Target

8285a755293170b3ec2d58ba9d33363b823ca2f61907a03290b92aeca037d7a2
Size

67KB
MD5

40997fb871216f8455f8a3df86c87565
SHA1

2028b6330545e5796b81960f32007fe9fa82db6f
SHA256

8285a755293170b3ec2d58ba9d33363b823ca2f61907a03290b92aeca037d7a2
SHA512

48eb3cd90b740c8f50cde4232adfcd15f970812e9db6defba46fd61875e6d6532cbd3488411218220debbe4550717dd42d025b8c01cf88c35a08cc770062e465
SSDEEP

1536:G3t7WBDh6xdwUyZ+cVu7fu1S6JIoE7fqh54K:GdaD6TyZ+6uLu1SQIoE7fS54

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

8285a755293170b3ec2d58ba9d33363b823ca2f61907a03290b92aeca037d7a2
.dll windows x86

9111679f5665b7e5f4691c3fc869e90e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeSicurek
GetPro��~�:�
LoadSecurekA
DeleteCriticalSectSoW
VirtualFree
LeaveCriticalSectSoW
E
Sleep
VirtualA�<0
Clos�H
WaitForSingleObject
GetLastEr�or
ResetEv@ntZ
SetEv@ntZ
InterlockedExchange
CancelIo
GetTickCount
GetL<0alTim�
CreateThread
GetCurrentPr<0:�Id
HeapA�<0
GetPro�:�Heap
CreatePr<0:�A
WinExec
lstrcpyA
TerminateThread
DeleteFileA
lstrcatA
Pr<0:�32Next
lstrcmpiA
Pr<0:�32First
CreateToolhelp32SnapshotZ
GetCurrentThreadId
GlobalMemoryStatus
GetSystemInfo
GetComputerNameA
GetV�rsSVWExA
OpenEv@ntA
SetEr�orMode
CreateDirectoryA
GetCurrentPr<0:�
lstrlenA
GetWindowsDirectoryA
SetFileAttribute�A
SetFilePointer
CopyFileA
Exp
GetMn��FileNameA
RadFile
CreateFileA
RaiseEx0ptSoW
L<0alA�<0

msvcrt

0il
_ftol
puts
st�st��I
__CxxFrameH
??2@YAPAXI@Z
_CxxThrowEx0ptSoW
r
sprintf
st�ncpy
st�rchr
ma�<0
_beginthreadex
atoi
wcstombs
_ac0ss
sr
0a�<0
free
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
putchar
memmove
??3@YAXPAX@Z
_strrev
_stricmp

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1445.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.re�<0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9111679f5665b7e5f4691c3fc869e90e

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 1445.6MB

.rsrc Size: 2KB - Virtual size: 1KB

.re�<0 Size: 3KB - Virtual size: 2KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 1445.6MB

.rsrc
Size: 2KB - Virtual size: 1KB

.re�<0
Size: 3KB - Virtual size: 2KB