gh0strat | 6752239e05c0cc3bd5cf5bf197d05dc63660e736400e641bf76e7154d8414c22 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6752239e05c0cc3bd5cf5bf197d05dc63660e736400e641bf76e7154d8414c22
Size

204KB
MD5

0cbb73f5079bdd80bab19abe40a8fb40
SHA1

23acc135d79e4bb7530a937c1dfeedda8f70ff2e
SHA256

6752239e05c0cc3bd5cf5bf197d05dc63660e736400e641bf76e7154d8414c22
SHA512

a5a0ece476c514a0472caa7abde61f5b5e2b6f989a0f95b42e66bc68a949b0af1c20f403f5599f7741e8ea3f1ef250429adbf09eb632638ef01d5b584175c222
SSDEEP

3072:4TeTY1Em5WBqwP3fsRQ/Xz7iasAKyC/hX:4iTViWB0uL7tEJ5

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

6752239e05c0cc3bd5cf5bf197d05dc63660e736400e641bf76e7154d8414c22
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jiao
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jia
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fao
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE