gh0strat | 4d90eb8c0da8d827f59e9a26024fced9871add04a6510dea4e9bfce7934ddc34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d90eb8c0da8d827f59e9a26024fced9871add04a6510dea4e9bfce7934ddc34
Size

768KB
MD5

78ac1bf29ad9b23cae92ae72b7105680
SHA1

b179a1e390e5aca35ea119ae2ec0e2c6412f98bf
SHA256

4d90eb8c0da8d827f59e9a26024fced9871add04a6510dea4e9bfce7934ddc34
SHA512

153ab2e25d6514bfdc9e3c701642a7064811c939ac13c0e812f16170117448e4a83938c4c92792dad2dc7eeebd014f182fc9e97f78ea35314ddc98aee0c827fb
SSDEEP

3072:VhHO7Z3PzWvzCK4gFtGcVIn1gAJBTBftqHkn6zSMHz1Z3U7vbfsMM2:rHa3EzXRF0t3JBTBlqHknRKzubkMM2

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

4d90eb8c0da8d827f59e9a26024fced9871add04a6510dea4e9bfce7934ddc34
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?AddLDMObjMapEntry@CDataCache@@QAEXPAU_LDM_OBJ_MAP_ENTRY@@@Z
?FreeArrayOfStrings@@YGXPAUarrayOfStrings@@@Z
?GetDiskCount@CDataCache@@QAEKXZ
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetNumMembers@CDMNodeObj@@QAEKXZ
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetVolumeCount
DllCanUnloadNow

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ