gh0strat | dd10f0de4b2607f442ac5b3b319859ea846159fb7ad0eb37a9701534676c056e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd10f0de4b2607f442ac5b3b319859ea846159fb7ad0eb37a9701534676c056e
Size

464KB
MD5

0f320069aa5ab6ece39453231a575860
SHA1

038418d4460649993a172e014f6c10884b5257dd
SHA256

dd10f0de4b2607f442ac5b3b319859ea846159fb7ad0eb37a9701534676c056e
SHA512

dcbfe8ed9014ba4c9afa0eaaf4e00bf7a16082c8bf6c0fcf42dd5c7e97ba8428a5c2678a26a7591883eacfc1206a526fb3cc8f8a0f69ba784726460aa6eda43b
SSDEEP

12288:1hVp7MZa7v4h2qb1R3PFWx2GLxe0DBYEVZ/:/V6Za7v4h5R3PFWxxx7DBYEb

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

dd10f0de4b2607f442ac5b3b319859ea846159fb7ad0eb37a9701534676c056e
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

HrNMZl92
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qmb8RlCp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

autq9dgn
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nV2qO9cx
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SvxZoGDd
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE