gh0strat | b687ac21c8c3fc7cf544447a3089a2b1b695f575fd0fbc4bac650f8b9a02924a

Sharing

Copy URL Twitter E-mail

General

Target

b687ac21c8c3fc7cf544447a3089a2b1b695f575fd0fbc4bac650f8b9a02924a
Size

108KB
MD5

a41fb5631af39db54b4dcbea993c9330
SHA1

03fc562a787c7e714498ec6119f1457e09d88bb5
SHA256

b687ac21c8c3fc7cf544447a3089a2b1b695f575fd0fbc4bac650f8b9a02924a
SHA512

207139f046426f6833533b8a26584c29474d4911f5f61e8b84bec5584fe9b023bec2783f22b7796698475c23e344028aa4e488a7e5183a918972d49beb1f571f
SSDEEP

1536:mTwEGiaW1fLJVHDghUR8k/McAZZf4YePqf+yvLEzD2jdSL8:mTwEeMfKk/MzZZ4YeCGyvLEejdSA

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b687ac21c8c3fc7cf544447a3089a2b1b695f575fd0fbc4bac650f8b9a02924a
.dll windows x86

e04817b123fab87bfc2500f7e595b63c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
lstrcpyA
SetEvent
CancelIo
ResetEvent
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrlenA
CreateProcessA
lstrcatA
GetDiskFreeSpaceExA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
DeleteFileA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
DeviceIoControl
GlobalMemoryStatus
GetVersionExA
OpenEventA
SetErrorMode
OutputDebugStringA
GetShortPathNameA
GetModuleFileNameA
Module32Next
Module32First
Process32Next
Process32First
DeleteCriticalSection
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
MultiByteToWideChar
GetCurrentDirectoryA
OpenProcess
TerminateProcess
CreateThread
CreateMutexA
WinExec
GetSystemDirectoryA
GetCurrentProcess
GetStartupInfoA
GetWindowsDirectoryA
FreeLibrary
InitializeCriticalSection
GetLocalTime
ExitProcess
TerminateThread
HeapAlloc
GetProcessHeap
VirtualProtect
IsBadReadPtr
HeapFree
ResumeThread
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
CreatePipe
LocalSize
lstrcmpiA
GetCurrentThreadId
GetTempPathA
WaitForSingleObject
LoadLibraryA
GetProcAddress
GetTickCount
Sleep
InterlockedExchange
CloseHandle
CreateToolhelp32Snapshot
RaiseException

gdi32

DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteObject

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear

msvcrt

memmove
ceil
_ftol
strstr
_CxxThrowException
free
malloc
_except_handler3
strrchr
realloc
atoi
__CxxFrameHandler
exit
strncpy
_iob
strncmp
sprintf
_errno
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
__dllonexit
_stricmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_strcmpi
_strnicmp
_strupr
_onexit

winmm

waveOutPrepareHeader
waveInOpen
waveInStop
waveInAddBuffer
waveInStart
waveOutWrite
waveInGetNumDevs
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveOutGetNumDevs
waveInPrepareHeader
waveOutOpen

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

Exports

Exports

Launch

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e04817b123fab87bfc2500f7e595b63c

Headers

File Characteristics

Imports

kernel32

gdi32

ole32

oleaut32

msvcrt

winmm

msvcp60

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 13KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 6KB - Virtual size: 6KB