gh0strat | 64ea7ac8b6be7e6f75a9de8ef91cca45ba09c2d8ac4289f77095fc3e55c8d9b3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64ea7ac8b6be7e6f75a9de8ef91cca45ba09c2d8ac4289f77095fc3e55c8d9b3
Size

188KB
MD5

2122392bc6270ed3d56dd516651d28dd
SHA1

e832c72b462f441a2921bf2f465d9f9f8892df78
SHA256

64ea7ac8b6be7e6f75a9de8ef91cca45ba09c2d8ac4289f77095fc3e55c8d9b3
SHA512

2ce409b7a9d0d57601bcad4cd4dc1e3f6eda28fca31ed0dc4da45964941d5d4200c39f1ba48476967e8894297ff20985bf75b1306ad22653355cad90e1433bcd
SSDEEP

3072:IgLbcPW/OmMXUO6cmtUzKuLBugaSeHlKv74TgR6YvM4HaAFNr:xEe1OUXOzKuLBh6HkDCBt46c

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

64ea7ac8b6be7e6f75a9de8ef91cca45ba09c2d8ac4289f77095fc3e55c8d9b3
.exe windows x86

b15de66230ef79b9b3facda6874287a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
FindResourceA
SizeofResource
LoadResource
CreateFileA
LockResource
WriteFile
CloseHandle
GetProcessHeap
ExitProcess
HeapAlloc
HeapFree
IsBadReadPtr
GetEnvironmentVariableA
GetModuleFileNameA
WaitForSingleObject
CreateProcessA
GetStartupInfoA

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE