gh0strat | 3d78abe43cb64f65aa76011ad302fe354527530c23b4ba1d2d93fa986e4f4630

Sharing

Copy URL Twitter E-mail

General

Target

3d78abe43cb64f65aa76011ad302fe354527530c23b4ba1d2d93fa986e4f4630
Size

152KB
MD5

d87d21df965ab71fb293153e6a88c570
SHA1

87167a2cbcebd768e5e4e9d2162c56974d503d65
SHA256

3d78abe43cb64f65aa76011ad302fe354527530c23b4ba1d2d93fa986e4f4630
SHA512

4821ffb47d02d18802cfc53545ad7c70a90bdf7eee219bf2c871675ca4eca48d4c84e2626d42b579b57d924fb1425ebbba9cfb00ce3a1227d4adc8610be55273
SSDEEP

3072:/N/HcLC4JmNr5WMcQMbKEu1lD6eRDTBftwO0N6OOEF:1W3gNr1RMbKF1lFRDTBlwzT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

3d78abe43cb64f65aa76011ad302fe354527530c23b4ba1d2d93fa986e4f4630
.dll regsvr32 windows x86

5e1c8b686aa2ff04c2cb53b2a3cc6d55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysFreeString

kernel32

LoadLibraryA
RaiseException
GetTickCount
lstrlenA
LocalFree
GetProcAddress
GetModuleHandleA
GetLastError
lstrcmpiA
lstrcpyA
LocalReAlloc
LocalSize
LocalAlloc
CloseHandle
Sleep
InterlockedDecrement
InterlockedIncrement
lstrcatA
GetVersionExA
GetCurrentThreadId
ExitProcess
GetSystemDirectoryA
GetExitCodeProcess
GetModuleFileNameA
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
VirtualQuery
IsBadWritePtr
GlobalUnlock
GlobalLock
GlobalSize
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
HeapAlloc
GetTempFileNameA
InterlockedExchange
ExpandEnvironmentStringsA
GetCurrentProcessId
lstrcmpA
VirtualProtect
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetSystemInfo
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
FreeLibrary
GlobalFree
GlobalAlloc
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
InitializeCriticalSection
VirtualFree
LeaveCriticalSection
VirtualAlloc
WideCharToMultiByte
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA

user32

GetCursorInfo
wsprintfA
wvsprintfA
GetClassNameA
GetWindow
DestroyCursor
GetWindowRect
CloseWindowStation
CreateWindowExA
DestroyWindow
ShowWindow
LoadCursorA
MessageBoxA

shlwapi

StrStrIA

userenv

GetProfilesDirectoryA
GetUserProfileDirectoryA

ws2_32

WSACleanup
WSAStartup
gethostbyname
closesocket
bind
socket
connect
accept
send
ioctlsocket
__WSAFDIsSet
select
recv
shutdown
getsockname
gethostname
setsockopt
listen
WSAIoctl

iphlpapi

GetAdaptersInfo

msvcrt

wcstombs
_adjust_fdiv
rand
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_wcsicmp
_strupr
_strlwr
_memicmp
wcsrchr
wcslen
_CxxThrowException
ceil
memmove
??3@YAXPAX@Z
atoi
realloc
strstr
strrchr
malloc
free
strncpy
_beginthreadex
_except_handler3
strncat
strchr
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
srand

Exports

Exports

CORLockDownProvider
CORPolicyEE
CORPolicyProvider
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
GetPublisher
GetUnsignedPermissions

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e1c8b686aa2ff04c2cb53b2a3cc6d55

Headers

File Characteristics

Imports

oleaut32

kernel32

user32

shlwapi

userenv

ws2_32

iphlpapi

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB