gh0strat | ad11a9797793a68ba04b6cb755048ed04fd57b577258fdfc40fe7a79e2937347

Sharing

Copy URL Twitter E-mail

General

Target

ad11a9797793a68ba04b6cb755048ed04fd57b577258fdfc40fe7a79e2937347
Size

40KB
MD5

b95669735b087f2b52f0701e6ea34095
SHA1

de9069a02316b9c703ee4f939a1a41c79e353d49
SHA256

ad11a9797793a68ba04b6cb755048ed04fd57b577258fdfc40fe7a79e2937347
SHA512

b64ae8dfe5852bba54f6575d9c33f3fcdedc5d84e0c46cfe35ad2178eadced4b201eb486f17370f4f3486cd3936c3c55c0543d21e8fa72d3d10d3c69f2bbe58e
SSDEEP

768:0kIAaaE/KYUgj05S/I0sRUWHD401CrFaKYnkG49sBlDe9tDRw:0Z4Eyn565Wz1kGbq7a

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

ad11a9797793a68ba04b6cb755048ed04fd57b577258fdfc40fe7a79e2937347
.exe windows x86

73d1b7e3957ff309dd0392b84f972c31

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_beginthreadex
_access
sprintf
_except_handler3
free
realloc
malloc
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
memmove
??3@YAXPAX@Z

kernel32

GetStartupInfoA
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
CopyFileA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
Sleep
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
WriteFile
SetFilePointer
CreateFileA
GetFileSize
ReadFile
GetWindowsDirectoryA
GetFileAttributesA
CreateProcessA
lstrlenA
TerminateThread
lstrcatA
GetTickCount
GetLastError
GetCurrentProcess
HeapAlloc
GetProcessHeap
VirtualProtect
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExA
ExitProcess
GetCurrentThreadId
DeleteFileA
DuplicateHandle
OpenProcess
CreateDirectoryA
GetLocalTime
OpenEventA
WinExec
ExpandEnvironmentStringsA
GetModuleFileNameA

user32

OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
OpenDesktopA
PostThreadMessageA
GetInputState
GetMessageA
ExitWindowsEx
wsprintfA
CloseDesktop

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
OpenServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
OpenSCManagerA

shell32

ShellExecuteA

ws2_32

connect
htons
gethostbyname
socket
closesocket
ntohs
recv
select
send
gethostname
getsockname
WSAIoctl
WSACleanup
WSAStartup
setsockopt

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73d1b7e3957ff309dd0392b84f972c31

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

ws2_32

wininet

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 3KB