gh0strat | f7a610d2f62937f9eec31751853789ff75d849a54dfb4be0004f412ee2ed75b2

Sharing

Copy URL Twitter E-mail

General

Target

f7a610d2f62937f9eec31751853789ff75d849a54dfb4be0004f412ee2ed75b2
Size

115KB
MD5

ae3d901be6ec4f9200dc7879da843eac
SHA1

240514b822d2b1b7df15be30e11d370eb94b3157
SHA256

f7a610d2f62937f9eec31751853789ff75d849a54dfb4be0004f412ee2ed75b2
SHA512

d08aca80e24bb6651652b45140f4da338d2c44dba698be5c27b37f004dd79072e709d57e0aa2122e92dbb75a096b0d0b4bbb1617c7d5ca6d34a10d0e94ea4d52
SSDEEP

1536:C8G18IE8L9N7j9in5HyGPNOgr8691XkcyowjfV+c1u3hWEfN+Oh70n:VG1W8/UnQ4RxXk0wDV+cchWEl+Oh7w

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

f7a610d2f62937f9eec31751853789ff75d849a54dfb4be0004f412ee2ed75b2
.dll windows x86

58f8326db49fac0a83b28ad3d1bd51f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_snprintf
_errno
sprintf
strncmp
fputs
strncpy
wcslen
wcsrchr
_except_handler3
free
fseek
fread
fwrite
fputc
_wcsupr
_wcsrev
fopen
_wcsnicmp
fgets
mbstowcs
wcscpy
wcscat
wcsstr
wcstombs
strchr
atoi
malloc
realloc
_CxxThrowException
strstr
_ftol
ceil
memmove
??2@YAPAXI@Z
__CxxFrameHandler
_strnicmp
wcschr
wcsncat
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
fclose
??3@YAXPAX@Z

kernel32

GetProcAddress
RaiseException
FreeLibrary
GetModuleHandleW
GetCurrentProcess
OpenProcess
LocalSize
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetLocalTime
lstrlenA
MoveFileW
LocalAlloc
LocalReAlloc
lstrcmpW
LocalFree
FindClose
WideCharToMultiByte
GetModuleFileNameW
GetLastError
CopyFileW
FreeConsole
CreateMutexA
SetErrorMode
OpenEventW
ReleaseMutex
GetFileSize
ReadFile
GetVersionExW
lstrcpyW
MultiByteToWideChar
lstrlenW
lstrcatW
OutputDebugStringW
Sleep
LoadLibraryW
LoadLibraryA
InterlockedExchange
ResetEvent
VirtualAlloc
CloseHandle
TerminateThread
ResumeThread
CreateThread
WaitForSingleObject
SetEvent
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection

msvfw32

ICSendMessage

msvcp60

?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Xran@std@@YAXXZ

netapi32

NetUserAdd
NetLocalGroupAddMembers

Exports

Exports

Kill360Box
ServiceMain
aacc
dddd

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58f8326db49fac0a83b28ad3d1bd51f6

Headers

File Characteristics

Imports

msvcrt

kernel32

msvfw32

msvcp60

netapi32

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 78KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 13KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 13KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 7KB - Virtual size: 7KB