gh0strat | c3b12726f1c45f32bd5b0fe96348d334b74a9cb6c34c1134a86e41e2ede79ef8

Sharing

Copy URL Twitter E-mail

General

Target

c3b12726f1c45f32bd5b0fe96348d334b74a9cb6c34c1134a86e41e2ede79ef8
Size

116KB
MD5

0c3bae33341f0224c5d99aae89432560
SHA1

6e84e1518831d25f21b9ab930ecd287616c243d7
SHA256

c3b12726f1c45f32bd5b0fe96348d334b74a9cb6c34c1134a86e41e2ede79ef8
SHA512

44d3317fb06815dc35c963a4271f24b6439ebaa481acda48455db096025f099e7a002b2a1aa1515208f90be3d5518b7ba075e5c53110fe59f6f83260bbfc7bf2
SSDEEP

1536:y9vT9gyuHxAFRHabF3CFcOOTYf4U0fRbbkJl2s5gWsM:i7yWTaRSFHOTC4U05bbkJl/5CM

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

c3b12726f1c45f32bd5b0fe96348d334b74a9cb6c34c1134a86e41e2ede79ef8
.exe windows x86

cd92ef91da76a49d59629a4c4c939c04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
TerminateThread
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
DeleteFileA
GetSystemDirectoryA
HeapAlloc
GetProcessHeap
VirtualProtect
IsBadReadPtr
HeapFree
FreeLibrary
GlobalMemoryStatus
GetSystemInfo
ExitThread
SetErrorMode
OpenEventA
CreateMutexA
LockResource
LoadResource
FindResourceA
EnumResourceNamesA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
GlobalFree
GlobalAlloc
GetCurrentThreadId
GetModuleHandleA
GetTickCount
lstrcatA
GetStartupInfoA
CreateProcessA
GetLastError
LocalSize
LocalFree
GetFileAttributesA
GetFileSize
ReadFile
lstrlenA
LocalReAlloc
GetWindowsDirectoryA
InitializeCriticalSection
CreateFileA
SetFilePointer
WriteFile
LocalAlloc
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
LoadLibraryA
GetProcAddress
EnterCriticalSection
VirtualFree
DeleteCriticalSection
GetVersionExA

user32

OpenDesktopA
MessageBoxA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
LoadIconA
LoadCursorA
RegisterClassA
GetMessageA
ExitWindowsEx
wsprintfA

advapi32

RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenServiceA
DeleteService
RegSetValueExA
RegCloseKey
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
RegQueryValueExA

msvcrt

ceil
_ftol
??2@YAPAXI@Z
puts
malloc
strrchr
_iob
atoi
strncmp
strncpy
free
strchr
_CxxThrowException
rand
srand
time
sprintf
exit
realloc
_except_handler3
strncat
_beginthreadex
calloc
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__set_app_type
_controlfp
__CxxFrameHandler
memmove
??3@YAXPAX@Z
_strnicmp
_stricmp
_errno
__p__fmode

ws2_32

__WSAFDIsSet
htonl
WSASocketA
gethostname
WSAGetLastError
recvfrom
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSAStartup
sendto
WSACleanup
listen
accept
getpeername
bind
getsockname
ntohs
inet_addr
inet_ntoa
send
closesocket
recv
socket
select

mfc42

ord540
ord6877
ord939
ord537
ord6648
ord2764
ord4129
ord926
ord924
ord922
ord535
ord858
ord6663
ord2818
ord4278
ord860
ord800

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd92ef91da76a49d59629a4c4c939c04

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

mfc42

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 9KB - Virtual size: 15KB

.rsrc Size: 19KB - Virtual size: 20KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 9KB - Virtual size: 15KB

.rsrc
Size: 19KB - Virtual size: 20KB