gh0strat | bf7e5afa9d63076cafad18bc496a5b040cc5206dfd8002db4751f25050df3d31

General

Target

bf7e5afa9d63076cafad18bc496a5b040cc5206dfd8002db4751f25050df3d31
Size

60KB
MD5

a10d7bbef1109b0a8fa11f53efcdbaf0
SHA1

49cf0bfdef1d044c02d56ecd5444679401d823c0
SHA256

bf7e5afa9d63076cafad18bc496a5b040cc5206dfd8002db4751f25050df3d31
SHA512

0f4867d3e233149c423592227d691e7f26dc4c9cd2922f66810a4da1bd1de4df743c1349d7c176dd95d04ca7304868dc2e02ebab7989a346b51852b55d7e8aff
SSDEEP

768:ICdyKhSHgFAf33qz++PwQmgt83UgEIO9nToIf1rJen:IwyeSHgm33q1wai3oIO9nToIfton

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

bf7e5afa9d63076cafad18bc496a5b040cc5206dfd8002db4751f25050df3d31
.dll windows x86

1f3cc6bb25e7476592c04e0ea0a6cfb0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ResetEvent
InterlockedExchange
CancelIo
Sleep
GetFileAttributesA
lstrcatA
GetSystemDirectoryA
WriteFile
CloseHandle
SetFilePointer
GetFileSize
CreateFileA
GetLocalTime
DeleteFileA
LocalFree
LocalAlloc
ReadFile
GetCurrentThreadId
DisableThreadLibraryCalls
SetEvent
WaitForSingleObject
lstrlenA
CreateEventA

user32

GetKeyState
GetAsyncKeyState
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetForegroundWindow
GetWindowTextA
wsprintfA

msvcrt

_adjust_fdiv
malloc
_initterm
free
_beginthreadex
__CxxFrameHandler
_ftol
ceil
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z

ws2_32

WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
select
recv
closesocket
send
WSAStartup
WSACleanup

Exports

Exports

Main
Version

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f3cc6bb25e7476592c04e0ea0a6cfb0

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB