Behavioral task: behavioral1
Sample: aacea577463f2313edf2ea7f3662ea6e98518767a4a708da121f0bd5ce9e44c2.exe
Resource: win7-20220901-en
General
Target: aacea577463f2313edf2ea7f3662ea6e98518767a4a708da121f0bd5ce9e44c2
Size: 196KB
MD5: f642e8a6e6e41e0cedf2a60f779721ce
SHA1: 2fed6b90d03953530ca0ab5a77180239ab0ede27
SHA256: aacea577463f2313edf2ea7f3662ea6e98518767a4a708da121f0bd5ce9e44c2
SHA512: ee754f5c8e1a21ecfe497cb3e25806d2d9419b88fd4891f7ffffb83437ac7439b4ee34d7b8df34d861fcec5c14a9076f8bb705de668cc8e56f8a0e8f1475636f
SSDEEP: 6144:6sIt6nW8Q1BTyPRqyhYPbHcTBlhHr3ndnkv0:39W8rJq8YPbHcT3S
Malware Config
Signatures
Gh0st RAT payload 1 IoCs
resource yara_rule sample family_gh0strat
Gh0strat family
Files
aacea577463f2313edf2ea7f3662ea6e98518767a4a708da121f0bd5ce9e44c2.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
CODE Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 166KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata2 Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE