gh0strat | 2b1493cc5b545df0733c28acaa6533f59acd183ea14a3424139187a67d007fb7

General

Target

2b1493cc5b545df0733c28acaa6533f59acd183ea14a3424139187a67d007fb7
Size

196KB
MD5

352c56d7f4aec45a0dacbb8b4c164e66
SHA1

173aa03c38d08f24bbd51fd41432abb6034cd134
SHA256

2b1493cc5b545df0733c28acaa6533f59acd183ea14a3424139187a67d007fb7
SHA512

9c4ebc9b6e49e91a9e5c4c535e78ca2cc5ac73604fc91bc739d704aaeb20762f2445f54a6ef3d4d6b01136e1a6cf98769bbbd6f433f5b9fddff518dfe5af1b35
SSDEEP

6144:sMSnW9c4wDBzMcsusWAKdSzTBlmnBn91nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn8:yW95wDB4q5SzT3y

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

2b1493cc5b545df0733c28acaa6533f59acd183ea14a3424139187a67d007fb7
.exe windows x86

952f6352c2892ac39a6f2a55c4c3183e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strncpy
strstr
strrchr
strncmp
srand
memmove
_except_handler3
malloc
rand
_ftol
tolower
memcpy
_strlwr
_itoa
__CxxFrameHandler

kernel32

GetCurrentThread
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetCurrentThreadId
GetCommandLineA
CopyFileA
GetStartupInfoA
CreateProcessA
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
GetShortPathNameA
WaitForSingleObject
CreateEventA
SleepEx
GetTickCount
WriteFile
MoveFileA
GetTempPathA
GetModuleFileNameA
ExitProcess
GetModuleHandleA
Sleep
GetProcAddress
GetCurrentProcess
GetLastError
CreateDirectoryA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
GetCurrentProcessId

user32

GetActiveWindow
FlashWindow

ws2_32

listen

Sections

.xext
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

952f6352c2892ac39a6f2a55c4c3183e

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

Sections

.xext Size: 13KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 165KB - Virtual size: 165KB

.rsrc Size: 2KB - Virtual size: 2KB

.xext
Size: 13KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 165KB - Virtual size: 165KB

.rsrc
Size: 2KB - Virtual size: 2KB