gh0strat | 84ac817e9868684a89c213e94a757ce6c1bec1f8a87327ab7b77cd1a1d544ec3

Sharing

Copy URL Twitter E-mail

General

Target

84ac817e9868684a89c213e94a757ce6c1bec1f8a87327ab7b77cd1a1d544ec3
Size

29KB
MD5

0ab7882788106b6ddbb1de5c52ca70e0
SHA1

e4ffc3152e1fc6c1249eb610d06fb98d5557bdc0
SHA256

84ac817e9868684a89c213e94a757ce6c1bec1f8a87327ab7b77cd1a1d544ec3
SHA512

3341440c999b483163817bc21baba524ceaff59ee8cb6a1e2b54271718d3b1df7e03cf948dcd4b2c4c52e3bee5ec0f6a109e25f372b178a6adc3f21689874a2a
SSDEEP

768:xBNCHcxls89c4Vf8i6VMjPXBWLW2/9wOqAyr3cKToi4c1Jir5:xj9cHVUPXYy2pYMRFc1Jir

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

84ac817e9868684a89c213e94a757ce6c1bec1f8a87327ab7b77cd1a1d544ec3
.dll windows x86

4358441aed5d430449bc1e05cbeef8cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CancelIo
DeleteFileA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
SetLastError
MoveFileExA
MoveFileA
RemoveDirectoryA
lstrcatA
TerminateThread
CreateThread
UnmapViewOfFile
MapViewOfFile
InterlockedExchange
FindClose
CreateProcessA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateDirectoryA
WriteFile
LocalAlloc
lstrcmpiA
GetCurrentThreadId
SetEvent
ResetEvent
CreateEventA
FreeConsole
SetErrorMode
SetUnhandledExceptionFilter
lstrcpyA
CreateMutexA
GetLastError
GetTickCount
OpenEventA
ReleaseMutex
WaitForSingleObject
CloseHandle
InitializeCriticalSection
FindFirstFileA
FindNextFileA
Sleep
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemDirectoryA
GetFileAttributesA
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
OpenFileMappingA

user32

wsprintfA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
ExitWindowsEx
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA

advapi32

RegQueryValueExA
OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegOpenKeyA
RegCloseKey
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA

msvcrt

strncat
_stricmp
_itoa
_adjust_fdiv
_initterm
free
??1type_info@@UAE@XZ
_beginthreadex
_strnicmp
_except_handler3
??3@YAXPAX@Z
memmove
ceil
_ftol
strstr
atoi
strchr
??2@YAPAXI@Z
realloc
malloc
printf
exit
__CxxFrameHandler
wcstombs
strncpy
_CxxThrowException
strrchr

ws2_32

WSACleanup
WSAIoctl
setsockopt
WSAStartup
htons
gethostbyname
socket
ntohs
recv
closesocket
select
send
gethostname
getsockname
connect

Exports

Exports

ServiceMain

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4358441aed5d430449bc1e05cbeef8cb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 42KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 42KB

.reloc
Size: 2KB - Virtual size: 2KB