gh0strat | b54040319a5bf47884596549866ab0229d90e14ea65c50ac8e5c4dd6e4ec1d5d

Sharing

Copy URL Twitter E-mail

General

Target

b54040319a5bf47884596549866ab0229d90e14ea65c50ac8e5c4dd6e4ec1d5d
Size

172KB
MD5

0f62fa764c3a45409cb13851439caf4d
SHA1

d93abef0a23fef2577ce5a7f9a82fe6a263b2c27
SHA256

b54040319a5bf47884596549866ab0229d90e14ea65c50ac8e5c4dd6e4ec1d5d
SHA512

f3b2698515313d3d22e0ca6342ef3c6d97885ce0bd2009924fa2deca01978421e58cb610ec8d8d7d01e5677e0caec1a3b668de36c1d304f85a772a0cf0a1c71b
SSDEEP

3072:RHwfDPncckecXyfEtiTNe6tvZyCdrh0AXmBcQQa53333ruu4:Rk7cx7XnsBeEEBcZat

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b54040319a5bf47884596549866ab0229d90e14ea65c50ac8e5c4dd6e4ec1d5d
.exe windows x86

96e2c6fb2fc7793ac81ca754d34439f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
WriteFile
SetFilePointer
Sleep
TerminateThread
GetCurrentProcess
DeleteFileA
LeaveCriticalSection
GetTempPathA
OutputDebugStringA
GetModuleFileNameA
GetVersionExA
GetSystemDefaultUILanguage
CopyFileA
GetSystemDirectoryA
OpenEventA
GetLastError
GetTickCount
SetThreadPriority
CreateThread
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
InterlockedIncrement
EnterCriticalSection
LoadLibraryA
GetProcAddress
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
CreateProcessA
GetOEMCP
InterlockedDecrement
GetFileType
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
HeapReAlloc
HeapSize
UnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle

user32

wsprintfA
ExitWindowsEx

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA

ws2_32

socket
inet_ntoa
ntohs
setsockopt
WSAIoctl
WSACleanup
WSAStartup
closesocket

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96e2c6fb2fc7793ac81ca754d34439f4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 84KB - Virtual size: 80KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 52KB - Virtual size: 52KB

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 52KB - Virtual size: 52KB