gh0strat | d9c58b7241d069c1529f8a3dacd0ce2eb691dfa35e0e500291d946809e2bdf53 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9c58b7241d069c1529f8a3dacd0ce2eb691dfa35e0e500291d946809e2bdf53
Size

18KB
MD5

0e21cab444d928cbe2792f32811398bc
SHA1

b16ec93b374c553cceed53cfce73279af9f3fe66
SHA256

d9c58b7241d069c1529f8a3dacd0ce2eb691dfa35e0e500291d946809e2bdf53
SHA512

df0f68096294e2cbab5b85dd9d6daded78b0977f2e48133babab88289ff4170e50dfd13ff24dad4c10fb080aec1771d57b34d382a134dd63b35944f561dfad22
SSDEEP

384:TKfZ0Fo/L/55KHJkdJgqj78WkK5kfMn5pr:i0Fodga/ufMn5p

Score

10^/10

upx gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_gh0strat

Gh0strat family
gh0strat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

d9c58b7241d069c1529f8a3dacd0ce2eb691dfa35e0e500291d946809e2bdf53
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE