gh0strat | ff4d56272f53a705a079795f3b78d70d7a20b812a79776a2b2b169f8716a1634

General

Target

ff4d56272f53a705a079795f3b78d70d7a20b812a79776a2b2b169f8716a1634
Size

120KB
MD5

96d415d09117c0d57b1880aa7dbf311d
SHA1

4b4a8121b3c1c8a1eb200157583916da8ad38d49
SHA256

ff4d56272f53a705a079795f3b78d70d7a20b812a79776a2b2b169f8716a1634
SHA512

eb368c87f2dfcbdcca1e1d52fce0115ec3b5c5fa64015e8f073c6e1bf47fb1f2b8201206fd3dc3756261cdc9c5dea8ce37bde5500efffab4dec3dc26b5beb3b2
SSDEEP

3072:0PuFP9wPK9fHwkDygAs8sslc7T7qSz4ty:0QWCHwoQsI0T7

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

ff4d56272f53a705a079795f3b78d70d7a20b812a79776a2b2b169f8716a1634
.exe windows x86

62e37ac6c44b05b3af3d003bf26470ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
free
calloc
_except_handler3
_mbsstr
wcsstr
_mbslwr
_CxxThrowException
memmove
_ftol
??2@YAPAXI@Z
__CxxFrameHandler
wcslen
_wcsupr
??3@YAXPAX@Z

kernel32

WideCharToMultiByte
OutputDebugStringA
GetStartupInfoA
GetModuleHandleA
MultiByteToWideChar
InterlockedDecrement
lstrlenA
LocalFree
FreeLibrary
CreateToolhelp32Snapshot
Process32First
GetLastError
Process32Next
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
Sleep
LoadLibraryA
GetProcAddress

user32

EnumWindows

advapi32

LookupPrivilegeValueA

ws2_32

gethostname
send
WSAStartup
setsockopt
WSACleanup
select
closesocket
recv
ntohs
socket
gethostbyname
htons
connect
WSAIoctl

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoCreateInstance

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62e37ac6c44b05b3af3d003bf26470ef

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ws2_32

ole32

oleaut32

Sections

.text Size: 84KB - Virtual size: 82KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 84KB - Virtual size: 82KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 16KB - Virtual size: 16KB