gh0strat | 3ba5f8c62e90cdc4b8a496fe19ba3163cb7e79cdaa90a67dc4adcf21e861710f

Sharing

Copy URL

Twitter E-mail

General

Target

3ba5f8c62e90cdc4b8a496fe19ba3163cb7e79cdaa90a67dc4adcf21e861710f
Size

72KB
MD5

4ceaebfbcc554ac08d210bdd76c21350
SHA1

2542422598a6b0c40261016ddf22ad2fa0ac1ba3
SHA256

3ba5f8c62e90cdc4b8a496fe19ba3163cb7e79cdaa90a67dc4adcf21e861710f
SHA512

0a0e193f02b9305668edd5826a58f80214eb70d026489dd77ebe6c05e41efe895da4157ef3a80674484177092c42fac5f176a0d86a25ab8eb409bf465d65147f
SSDEEP

1536:XAf8QOw6DRak0HfNcefHfLxEVIgARA2IKav5:XAf8170HfNRf/LxEagARADKe5

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

3ba5f8c62e90cdc4b8a496fe19ba3163cb7e79cdaa90a67dc4adcf21e861710f
.dll windows x86

2825de84ca989050766bba978b80fd96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
CreateFileA
WriteFile
SetFilePointer
GetSystemDirectoryA
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
TerminateThread
PeekNamedPipe
WaitForMultipleObjects
ReadFile
GetSystemInfo
GetVersionExA
ReleaseMutex
OpenEventA
SetErrorMode
SetUnhandledExceptionFilter
GetModuleFileNameA
lstrcmpiA
GetCurrentThreadId
HeapFree
IsBadReadPtr
VirtualProtect
GetProcessHeap
HeapAlloc
ExpandEnvironmentStringsA
InitializeCriticalSection
GetLocalTime
MoveFileA
MoveFileExA
GetSystemTime
CreateEventA
GetWindowsDirectoryA
CreateProcessA
LocalAlloc
LocalSize
LocalReAlloc
GetTickCount
MultiByteToWideChar
FreeLibrary
lstrcpyA
lstrcatA
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
LocalFree
GetLastError
lstrlenA
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
LoadLibraryA
GetProcAddress
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GlobalMemoryStatusEx
RaiseException

advapi32

RegCloseKey
DuplicateTokenEx
CreateProcessAsUserA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle

msvcrt

memmove
ceil
_ftol
strstr
__CxxFrameHandler
??2@YAPAXI@Z
_except_handler3
strncpy
strrchr
malloc
wcscpy
atoi
strchr
fclose
fwrite
fopen
realloc
free
puts
strncat
wcstombs
_beginthreadex
calloc
??1type_info@@UAE@XZ
_strnicmp
_stricmp
??3@YAXPAX@Z
_strcmpi

netapi32

NetUserAdd
NetLocalGroupAddMembers

wtsapi32

WTSQueryUserToken

Exports

Exports

Aircmdg
aircmd
aircmdwin7
kongqig

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2825de84ca989050766bba978b80fd96

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

netapi32

wtsapi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

PAGE Size: 2KB - Virtual size: 1KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 7KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 48KB

PAGE
Size: 2KB - Virtual size: 1KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 7KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 3KB