gh0strat | b6ed060cf2e3f986e854946995eeeed8ff98ef69a3dcce316455a687742b25f9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6ed060cf2e3f986e854946995eeeed8ff98ef69a3dcce316455a687742b25f9
Size

288KB
MD5

3690bf16ff539e614177ac307393e650
SHA1

7faccd035cfaad69b3dda51eb942273096f4397a
SHA256

b6ed060cf2e3f986e854946995eeeed8ff98ef69a3dcce316455a687742b25f9
SHA512

93134f91751c99b92ce4180150c7125277296e4c8b6fc368a1e042fe8ab888ff421b3ae62d5b6e2abde930d0f25a55549516ae9648acfc1a8ddc2d47cc1e4401
SSDEEP

1536:vWrIkIclubF9T3WHqhW6R2c3ObcfZFfaZs4zcEGcOr9N2DEKZ:v65IFFtmT63ObAZ9aZscAr9N2IY

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b6ed060cf2e3f986e854946995eeeed8ff98ef69a3dcce316455a687742b25f9
.exe windows x86

0c7854e6f913deb129f72c63b98632bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetStartupInfoA
GetModuleFileNameA
SetPriorityClass
GetCurrentThread
SetThreadPriority
ExitProcess
GetVersionExA
LockResource
GetCurrentProcess
GetLastError
CloseHandle
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfA

advapi32

OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
CreateServiceA
RegOpenKeyA
RegSetValueExA
StartServiceA
RegCloseKey
CloseServiceHandle
StartServiceCtrlDispatcherA

shell32

SHChangeNotify
ShellExecuteA

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

msvcrt

_XcptFilter
__p__fmode
_controlfp
_except_handler3
realloc
malloc
atoi
??3@YAXPAX@Z
??2@YAPAXI@Z
fclose
fprintf
fopen
__p__pgmptr
_exit
__p__commode
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ