gh0strat | 36452e5a4114f5ebe942166f372a158d14b27b1971d7eeb06240b7aeab53b1f3 | Triage

Sharing

General

Target

36452e5a4114f5ebe942166f372a158d14b27b1971d7eeb06240b7aeab53b1f3
Size

24.1MB
MD5

0805d113180c77d0d2177bf1ef532076
SHA1

a561f997949f5d005c9528d0eac9170dfc43b8e0
SHA256

36452e5a4114f5ebe942166f372a158d14b27b1971d7eeb06240b7aeab53b1f3
SHA512

eb0c716eb4fb395573641ed1a9ead0c7723af456993af4b523afdf67553e383c9a2f1a0862d1d5b2d2d8fa43890fcdd391bbd6136144aa5bee4c0c1d01ae14ab
SSDEEP

3072:pORtKm6tPvjUosLefKycXI/vthPCcTBftp5inVP3:sRz6t1sLeCDI//PCcTBlpAnN3

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

36452e5a4114f5ebe942166f372a158d14b27b1971d7eeb06240b7aeab53b1f3
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetResourceInformation
ServiceMain

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE