gh0strat | 309470dd50e8e8f1f785201585ea1f72b5d27a46f649f031772687ecf3b0d394

Sharing

Copy URL Twitter E-mail

General

Target

309470dd50e8e8f1f785201585ea1f72b5d27a46f649f031772687ecf3b0d394
Size

68KB
MD5

b5d424efad6b3cb441b6e15a88e4313b
SHA1

2ea3f9ab97a141500f50b5c0d44ebdda4d8add72
SHA256

309470dd50e8e8f1f785201585ea1f72b5d27a46f649f031772687ecf3b0d394
SHA512

0b9ff61b2dda6da14dd1429dfda3a6865103f6a88745702cb92b31305ff811203a8bd2c5364c77ba91a81922f37b536fbd89ec8320855f53d31caf3ef2621169
SSDEEP

768:CP+I09SK+92BwyOW7ssqRVISKQ8RcQkS5y23/R4dRDuYgR8vki/6qe3a4f6ehp/:CW39SK+jdbsq/eQ8Rc85P4ds88pfp

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

309470dd50e8e8f1f785201585ea1f72b5d27a46f649f031772687ecf3b0d394
.exe windows x86

55d9f6f66b0bd491a6c621b54118892b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823
ord825

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_stricmp
memmove
ceil
_ftol
strstr
__CxxFrameHandler
_CxxThrowException
malloc
strrchr
free
exit
realloc
atoi
sprintf
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ

kernel32

SetFileAttributesA
FreeLibrary
SetErrorMode
GetStartupInfoA
GetCurrentThreadId
CreateMutexA
ExitProcess
OutputDebugStringA
GetShortPathNameA
GetExitCodeProcess
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
WriteFile
SetFilePointer
CreateFileA
GetFileSize
GetWindowsDirectoryA
ReadFile
GetFileAttributesA
CreateProcessA
lstrcpyA
lstrlenA
CreateThread
GetLastError
GetCurrentProcess
Process32Next
LocalReAlloc
LocalSize
OpenProcess
Process32First
LocalAlloc
CreateToolhelp32Snapshot
LocalFree
TerminateThread
HeapAlloc
GetProcessHeap
VirtualProtect
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
GetTickCount
GetModuleHandleA
GetPrivateProfileStringA
GetSystemInfo
GetComputerNameA
GetVersionExA
OpenEventA
GetModuleFileNameA

user32

GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
OpenDesktopA
OpenWindowStationA
SetProcessWindowStation
wsprintfA
ExitWindowsEx
MessageBoxA
GetProcessWindowStation

advapi32

SetServiceStatus
RegQueryValueA
RegOpenKeyExA
StartServiceCtrlDispatcherA
CreateServiceA
OpenServiceA
StartServiceA
RegSetValueExA
CloseServiceHandle
RegisterServiceCtrlHandlerA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog

ws2_32

setsockopt
htons
gethostbyname
socket
recv
select
closesocket
send
getsockname
WSAStartup
WSACleanup
WSAIoctl
connect

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fqwtkqe
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

55d9f6f66b0bd491a6c621b54118892b

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ws2_32

ole32

oleaut32

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 36KB - Virtual size: 36KB

fqwtkqe Size: - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 36KB - Virtual size: 36KB

fqwtkqe
Size: - Virtual size: 4KB