gh0strat | c4ccc3074e3ce271b380d84120c74ec435d2fb4eb9a71e67785188fe2f170ce7

Sharing

Copy URL Twitter E-mail

General

Target

c4ccc3074e3ce271b380d84120c74ec435d2fb4eb9a71e67785188fe2f170ce7
Size

236KB
MD5

25227544dbf130cbfa0e97b0848fdbb6
SHA1

902e114a39d5949baa750e7ff113cf0a8fa28a37
SHA256

c4ccc3074e3ce271b380d84120c74ec435d2fb4eb9a71e67785188fe2f170ce7
SHA512

33840c8e4c35c07e3f2d91dfd7a761093d7bd4e06cd03488abe22b17714bf2e1dde4856ae573639cc685ffa347846b6040d0ee2b5265b1f72ca8b34f81eb2536
SSDEEP

3072:T25dBTLHhLZrX/EwCZpZH7dgjCMYHoJs2G3Jz5m5UBY7enkY:MvXhhSZHZoCTHoJxG3v+7ent

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

c4ccc3074e3ce271b380d84120c74ec435d2fb4eb9a71e67785188fe2f170ce7
.dll windows x86

55bff68720469a451d19e7a2dcf17633

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetVersionExA
GetLastError
CreateDirectoryA
lstrlenA
GetDiskFreeSpaceExA
FindClose
LocalFree
LocalReAlloc
LocalAlloc
GetFileSize
CreateFileA
ReadFile
WriteFile
MoveFileA
lstrcatA
SetFilePointer
GetModuleFileNameA
GetCurrentProcess
VirtualAllocEx
GetLocalTime
Sleep
GetTickCount
ResetEvent
GetProcessHeap
OutputDebugStringA
UnmapViewOfFile
InterlockedExchange
VirtualAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatusEx
DeviceIoControl
GetSystemInfo
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
lstrcmpiA
GetCurrentThreadId
OpenProcess
Module32Next
Module32First
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
DeleteFileA
LoadLibraryA
GetProcAddress
lstrcpyA
CloseHandle
HeapFree
CreateEventA
RaiseException

gdi32

BitBlt
SelectObject
CreateDIBSection
CreateCompatibleBitmap
GetDIBits
GetStockObject
DeleteDC
DeleteObject
CreateCompatibleDC

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

msvcrt

strncpy
fclose
fwrite
fopen
realloc
atoi
strncmp
sprintf
strncat
strchr
atol
wcstombs
strrchr
_snprintf
calloc
_initterm
_adjust_fdiv
_strrev
_stricmp
_strnicmp
_strcmpi
malloc
free
_except_handler3
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
_beginthreadex
??2@YAPAXI@Z

userenv

GetUserProfileDirectoryA
GetProfilesDirectoryA

msvcp60

?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

imm32

ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext

msvfw32

ICClose
ICSeqCompressFrame
ICSendMessage
ICSeqCompressFrameEnd
ICCompressorFree
ICOpen
ICSeqCompressFrameStart

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationA

Exports

Exports

CodeMain
CodeService
MainCode
MainService
ServiceCode
ServiceMain
main

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55bff68720469a451d19e7a2dcf17633

Headers

File Characteristics

Imports

kernel32

gdi32

shell32

shlwapi

msvcrt

userenv

msvcp60

imm32

msvfw32

wtsapi32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 132KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 132KB - Virtual size: 132KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 8KB - Virtual size: 8KB