gh0strat | ea6e15a493165be97b3ab593f23252064c95a08f4c28628baeb846b9e137011c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea6e15a493165be97b3ab593f23252064c95a08f4c28628baeb846b9e137011c
Size

196KB
MD5

b0ffaad9e36afae24370f210700a7368
SHA1

a18754264614cb1bfa16b2a86000dbbb305129e1
SHA256

ea6e15a493165be97b3ab593f23252064c95a08f4c28628baeb846b9e137011c
SHA512

b96a2342c092ede46b5966b646b7c05c96d27b129c4c14004bae804cbb68a87fd19051eb608dcd820f0b26ee8ff745596458c52fc2f84567c8167f0871730563
SSDEEP

3072:HHjaFrhw9++pM/kkfel0ns73dBrPRgQyWoVHSJNqc/mrAy7XwkqYC8VGkUDCk/fU:HHUhw4+C5R8+QOVHSJEcA7FqV8VG3j1

Score

10^/10

upx gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_gh0strat

Gh0strat family
gh0strat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

ea6e15a493165be97b3ab593f23252064c95a08f4c28628baeb846b9e137011c
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 192KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 533KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ