gh0strat | 5c4c7e8b5bfebeee3f2782573c133084674ada736eab9252a8cd65eb20199f8b

General

Target

5c4c7e8b5bfebeee3f2782573c133084674ada736eab9252a8cd65eb20199f8b
Size

7.4MB
MD5

576547db244b15da1e9d064527a1fc5c
SHA1

fab928286caf63940aa2136b264300caf907eb36
SHA256

5c4c7e8b5bfebeee3f2782573c133084674ada736eab9252a8cd65eb20199f8b
SHA512

80154de898189dc578f8a9b44a023bb25cc8803372d4c2e08bbb25535e72eca3af77a34591659e34276a06ba26ff2b050a6deb72ceed7aa828059ea1289ecd42
SSDEEP

12288:8F5m7D8i9zOeGqw6NWtBsNF5m7D8i9zOeGqw6NWtBsS:8Hm7Db9zOeGJ6NRNHm7Db9zOeGJ6NRS

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

5c4c7e8b5bfebeee3f2782573c133084674ada736eab9252a8cd65eb20199f8b
.dll windows x86

a5d2faaf0efa22b4e21cbf286379ec6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
Sleep
GetProcessHeap
GetTickCount
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetFileAttributesA
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
SetUnhandledExceptionFilter
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
SetFilePointer
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
FlushFileBuffers
LCMapStringA
LCMapStringW
SetStdHandle
CloseHandle
FreeLibrary
LocalAlloc
InterlockedExchange

Exports

Exports

ServiceMain

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5d2faaf0efa22b4e21cbf286379ec6a

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 23KB - Virtual size: 31KB

.rsrc Size: 55KB - Virtual size: 56KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 23KB - Virtual size: 31KB

.rsrc
Size: 55KB - Virtual size: 56KB

.reloc
Size: 11KB - Virtual size: 10KB