gh0strat | a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb | Triage

Sharing

General

Target

a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb
Size

131KB
MD5

132521e6203dbcbf830c1dde49b35581
SHA1

d9f1508c6a25f8b419e509e6e98a4ac3aec9227a
SHA256

a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb
SHA512

8c43617b5b910db7cbed4bdd50e635d04e2406a29829292583a803f8d6574144eddd9d6fa67b91df9c0b4a338113e2bf8b2324f9c374b9760cfd09b2135db1a9
SSDEEP

3072:gu+/qlgByBTEur7VsuRh/DBiE/8bNJFXDccx+tJdnJ0:g5DyBTE0V1LDw5N3TccqJdnJ0

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb
.exe windows x86

Code Sign

0c:06:ba:46:06:31:8e:77:6f:58:1c:ca:88:b2:d8:8b:a8:cc:6d:7a
Signer

Actual PE Digest

0c:06:ba:46:06:31:8e:77:6f:58:1c:ca:88:b2:d8:8b:a8:cc:6d:7a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01-01-0001 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ