gh0strat | 49d0286b38b181c70ea8e8e69d4e9da7ebe8cfb9d4790c835c0ce19a9ec87635 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49d0286b38b181c70ea8e8e69d4e9da7ebe8cfb9d4790c835c0ce19a9ec87635
Size

783KB
MD5

bcb31a712d8583e4be8a492e0dc2f4e6
SHA1

cb7a3a6efc3a3703aae8fca5c044c5d957d6008b
SHA256

49d0286b38b181c70ea8e8e69d4e9da7ebe8cfb9d4790c835c0ce19a9ec87635
SHA512

0563f6f81ffc312a7b1aebda8273a17fd6de3e0410a9ef158db996b90f036120f32c2fd3743c7dda27ee4e470912acf9ae785c72f21cfc438b06120fb8934efd
SSDEEP

12288:jfoZQG1PyUwGh3Q9xRQpR3PvGLxe0DMwRoZQp1PyUwGhxYV:Tod1twGwkR3PIx7DBoe1twGC

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

49d0286b38b181c70ea8e8e69d4e9da7ebe8cfb9d4790c835c0ce19a9ec87635
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.!rc!
Size: 171KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ChW8avWh
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

OZNFY7Rg
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IHJ3KUI5
Size: 294B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0ICFj14c
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AoRE
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ