gh0strat | 2cf30cad9727afa44cbd147308832af11303f575bcd1f99f438d2c841dcb7cf4 | Triage

Sharing

General

Target

2cf30cad9727afa44cbd147308832af11303f575bcd1f99f438d2c841dcb7cf4
Size

272KB
MD5

d58d2a5999a7c61e1fd713cdd9040310
SHA1

fa06bd3278a77fa04128918f034325c6fc7418d7
SHA256

2cf30cad9727afa44cbd147308832af11303f575bcd1f99f438d2c841dcb7cf4
SHA512

241a5a8c921c9f027625698dc30560c34dc81860a0a9682d0f0264c388fed2fb0277c4993ac45f2166c1d8ae9f14fd6a80839e54ef7697003bdb3a96b8971214
SSDEEP

6144:ZUeP1++FXjFQw5ezTBlBAnbn7+TCNWP+0gC:PP1PXjFQFzT3vCNWP+0gC

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

2cf30cad9727afa44cbd147308832af11303f575bcd1f99f438d2c841dcb7cf4
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllMain
EditAuditInfo
EditOwnerInfo
EditPermissionInfo
FMExtensionProcW
SedDiscretionaryAclEditor

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ