gh0strat | 4dd3d50ce8d74af780fef374c5c5160e17a3a8274bf5f48efdae57c41203c42c

Sharing

Copy URL Twitter E-mail

General

Target

4dd3d50ce8d74af780fef374c5c5160e17a3a8274bf5f48efdae57c41203c42c
Size

150KB
MD5

b882e5b31f0f3345b384919a605f17e8
SHA1

9f3f1259abdcbe0634f673726bbc36fbd4e8a9b3
SHA256

4dd3d50ce8d74af780fef374c5c5160e17a3a8274bf5f48efdae57c41203c42c
SHA512

e9499680d1bec2f939abcfc8b68eb38b6b228b825b1873688c9547bdb93785b67c7afa093431405d78b052e21a0b0392e378d2e2b65df052b44c330f9e605822
SSDEEP

3072:zQ/Yo8/vWyKSygQAS6pUDYU4h8cYAsUsv8sPbyI75:sWH5y0nxUA7sUsv8mbyW

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

4dd3d50ce8d74af780fef374c5c5160e17a3a8274bf5f48efdae57c41203c42c
.exe windows x86

dbd6aa8d56ff228671f58c4cad33c27b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
lstrcatA
GetWindowsDirectoryA
lstrlenA
GetVersionExA
Beep
MultiByteToWideChar
lstrcpyA
TerminateThread
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
DeleteFileA
SetFilePointer
GetFileSize
GetFileAttributesA
LocalFree
LocalAlloc
ReadFile
GlobalUnlock
OutputDebugStringA
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
GetSystemInfo
OpenEventA
CreateMutexA
OpenProcess
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
RaiseException
GetModuleHandleA
GetLastError
MoveFileA
CreateFileA
WriteFile
WinExec
TerminateProcess
CreateProcessA
GetSystemDirectoryA
GetCurrentThreadId
CreateThread
GetProcessHeap
HeapAlloc
GetCurrentProcessId
FreeLibrary
ExitThread
GetTickCount
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
Sleep
LoadLibraryA
GetLocalTime
GetProcAddress

user32

SwapMouseButton
GetWindowTextA
GetAsyncKeyState
GetKeyState
LoadCursorA
DestroyCursor
EmptyClipboard
OpenClipboard
CloseClipboard
GetSystemMetrics
SetRect
ReleaseDC
GetCursorInfo
SendMessageA
LoadIconA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
IsWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
wsprintfA
GetMessageA
GetInputState
GetForegroundWindow
GetWindowRect
MoveWindow
FindWindowA
ShowWindow
MessageBoxA
ExitWindowsEx
PostThreadMessageA
RegisterClassA

gdi32

GetStockObject
CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
SelectObject
CreateDIBSection

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegOpenKeyA
RegQueryValueExA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegCloseKey
RegSetValueExA
RegCreateKeyA
RegCreateKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

msvcrt

strncmp
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
strlen
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_iob
_onexit
__dllonexit
??1type_info@@UAE@XZ
calloc
_beginthreadex
realloc
strncat
exit
_snprintf
wcscpy
_errno
memcpy
strrchr
_except_handler3
free
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
memmove
ceil
_ftol
strstr
rand
sprintf
atoi
strncpy
strcspn
malloc
srand
time

winmm

mciSendStringA

urlmon

URLDownloadToFileA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

avicap32

capGetDriverDescriptionA

msvfw32

ICSeqCompressFrameStart
ICSendMessage
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSeqCompressFrame

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

Z09dxBA4
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

5B2luw9S
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IO6*<>v!
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qxm40+Q;
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbd6aa8d56ff228671f58c4cad33c27b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

winmm

urlmon

wininet

avicap32

msvfw32

wtsapi32

Sections

Z09dxBA4 Size: 109KB - Virtual size: 108KB

5B2luw9S Size: 16KB - Virtual size: 16KB

IO6*<>v! Size: 13KB - Virtual size: 18KB

qxm40+Q; Size: 10KB - Virtual size: 10KB

Z09dxBA4
Size: 109KB - Virtual size: 108KB

5B2luw9S
Size: 16KB - Virtual size: 16KB

IO6*<>v!
Size: 13KB - Virtual size: 18KB

qxm40+Q;
Size: 10KB - Virtual size: 10KB