gh0strat | a1198af55be82388000ba6db634d6c27ea583d5019824a832d164313933bea29 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1198af55be82388000ba6db634d6c27ea583d5019824a832d164313933bea29
Size

336KB
MD5

e0b17b8cd84c6fdd9311560ff8f0afaf
SHA1

7ce743328b564d13052457183f96c4561f5026e9
SHA256

a1198af55be82388000ba6db634d6c27ea583d5019824a832d164313933bea29
SHA512

64d82fc3e1e4706b6d5929ff5017ae56341d4c70716a3672641d78405347f7c6a0f4546fe206f9b8341c8aff84f6793bf8d89a49cd1e7bb9b5be122f8ea4f690
SSDEEP

6144:t3JVGpxx9b3wZuw44GHeqo/JH8uzqNZuLTiARPAgTiaZCZ8:5JI3L3+tTLF8uzqNZyAgTcZ8

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

a1198af55be82388000ba6db634d6c27ea583d5019824a832d164313933bea29
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iruhjug
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.khe
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE