gh0strat | 629cdaa64a950ec8d7b6c5abcfa5c2a4822979b4a715551ff747016f55eb6648 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

629cdaa64a950ec8d7b6c5abcfa5c2a4822979b4a715551ff747016f55eb6648
Size

604KB
MD5

20ce5bcb4ff48f90c048a90e654ae2e0
SHA1

ef6aee65376972c59372790d695c5750f7de97ae
SHA256

629cdaa64a950ec8d7b6c5abcfa5c2a4822979b4a715551ff747016f55eb6648
SHA512

679ec91d4bb5d6a1b123e3500262a233670ee54a3407d249699003c98c266e1b59491f7b8634121cb3fb924dcd036d7c10e7a1992ea8119136f1e9dda57bc8a0
SSDEEP

3072:baQPdHgk0mi1sBk6wLeOYKzGxufwrTBftAn9n06d8Ck174BwycvEZ:fHgNqW661YKzGiwrTBlAn9nDdOqi9EZ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

629cdaa64a950ec8d7b6c5abcfa5c2a4822979b4a715551ff747016f55eb6648
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

UPSCancelWait
UPSGetState
UPSInit
UPSStop

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ