gh0strat | 68ee145bc1d89b56cb6b7cd79fcf65542af82e3288f1f62d239f41b737854721

Sharing

Copy URL Twitter E-mail

General

Target

68ee145bc1d89b56cb6b7cd79fcf65542af82e3288f1f62d239f41b737854721
Size

212KB
MD5

83abcb9ea74ed4cae346c92980201120
SHA1

0d77683d3a68763fd0a75181826021fc27162274
SHA256

68ee145bc1d89b56cb6b7cd79fcf65542af82e3288f1f62d239f41b737854721
SHA512

8072501edfc05b4103c23333fa9813c062a98bae46a085d43ed2416923d2a035062c4e4bfe7038ae1cad9f8b5427885141ea64fec177829a16c192418f1a480f
SSDEEP

3072:hgivARinbxSZPPjqaS6Aai6WqC3Fa93LUgz8a9hU3gtF8n0:kW2LqauDE97xz8wmQ8n0

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

68ee145bc1d89b56cb6b7cd79fcf65542af82e3288f1f62d239f41b737854721
.exe windows x86

93e81a5e6c02db26acd594c237e8f622

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
LCMapStringA
GetCurrentProcess
CloseHandle
OpenProcess
GlobalUnlock
HeapFree
lstrlenA
MultiByteToWideChar
lstrcatA
MoveFileA
GetProcessHeap
HeapAlloc
GetCurrentProcessId
FreeLibrary
CreateThread
Sleep
GetLocalTime
GetTickCount
LoadLibraryA
SetStdHandle
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetFilePointer
InterlockedIncrement
InterlockedDecrement
IsBadCodePtr
IsBadReadPtr
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
SetUnhandledExceptionFilter
SetLastError
TlsAlloc
DeleteCriticalSection
InitializeCriticalSection
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
ExitThread
TlsGetValue
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetLastError
GetCurrentThreadId
TlsSetValue

user32

OpenClipboard
GetSystemMetrics
SetRect
ReleaseDC
GetCursorInfo
CreateWindowExA
IsWindow
SendMessageA
LoadCursorA
wsprintfA
EmptyClipboard
DestroyCursor

gdi32

DeleteDC
CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject

advapi32

DeleteService
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

inet_addr
send
socket
gethostbyname
htons
connect
recv
select
closesocket
WSAStartup
ntohs
getsockname
bind
getpeername
accept
listen
__WSAFDIsSet
gethostname
sendto
setsockopt
inet_ntoa
WSACleanup
htonl
WSASocketA

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

urlmon

URLDownloadToFileA

netapi32

NetUserAdd
NetLocalGroupAddMembers

msvfw32

ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame

Exports

Exports

aabbccdd
daxuewuli
eeffgghh
gaoshu
gongchengshuxue
iijjkkmm

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93e81a5e6c02db26acd594c237e8f622

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

wininet

urlmon

netapi32

msvfw32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 28KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 28KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 1KB