gh0strat | 62c9af09441fc7d6bf0dd84f95ae5f3ed6c05367575134ebdde686663dca83af | Triage

Sharing

Copy URL Twitter E-mail

General

Target

62c9af09441fc7d6bf0dd84f95ae5f3ed6c05367575134ebdde686663dca83af
Size

633KB
MD5

2c471f485c4a221455e7840875e6e971
SHA1

b0a77899d16b61026cce3b86511dd76b55f0647c
SHA256

62c9af09441fc7d6bf0dd84f95ae5f3ed6c05367575134ebdde686663dca83af
SHA512

0e449efe5fc8aaaf1103091258f0d34015679dccd9708dfaa8880b1ac3feca908851aa5015fc15a6c8b833bf0300631d6f2e8a0476c6121fe8d830f55cae1764
SSDEEP

12288:5cjrLQhTeGDF1r+TStBXvWyZ4uVNedGlHAM5gLFPMd0nS:5cjeTeGDF1r+TStBXhZPVNXJAM5gJkd

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

62c9af09441fc7d6bf0dd84f95ae5f3ed6c05367575134ebdde686663dca83af
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

1818tt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE