gh0strat | 856ed69bea92141b2dbbb7cb82af93371f990c9134ea90c318543ea7726b5fb1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

856ed69bea92141b2dbbb7cb82af93371f990c9134ea90c318543ea7726b5fb1
Size

120KB
MD5

3d15f186481f238aad1c51250a604400
SHA1

220bb94e2ed2d7a42da398728022d4d72c9892d7
SHA256

856ed69bea92141b2dbbb7cb82af93371f990c9134ea90c318543ea7726b5fb1
SHA512

bba151041d1985d6cc6bb1ddf03f626a414ae8eb1dc6c993c8c240d33f62895b8d9b59c02bb08a21df3f895ecf21ec04adb6164fa2a4240ac4b1261851f05860
SSDEEP

3072:Sl0/2UT2loXgupYbTGygGucp0Yf/XXIVzGGjtMnJ:o0/PaCQaYbqEu89fvXKzGMc

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

856ed69bea92141b2dbbb7cb82af93371f990c9134ea90c318543ea7726b5fb1
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

InstallService
ServiceMain
VistaServiceMain
main
setup

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ