gh0strat | bcf0a7d8999c5f4043a56e87a3ae991557b3b367ece91f60cc8ce4d844bbb9d3

Sharing

Copy URL Twitter E-mail

General

Target

bcf0a7d8999c5f4043a56e87a3ae991557b3b367ece91f60cc8ce4d844bbb9d3
Size

109KB
MD5

deaafcf784cbecb1f113d4561ddcf4aa
SHA1

98c5cf1a02958a0e5f7d4e766b64b90ac7a98893
SHA256

bcf0a7d8999c5f4043a56e87a3ae991557b3b367ece91f60cc8ce4d844bbb9d3
SHA512

47fb0334cb98c2995d2ce99399b7ddfd854d7a8e5c6fedf81faa5035ed35c7f99bb6dce21abd6a3b2ea31a53c0368faf44ce3aebe9812e0bf77c59e8150d4df3
SSDEEP

1536:RmTgWMkSibNG8YIaT024cKau2f9d0mK5+NkX++mHi:XWnSiDYI124Wug9d03+aX++mHi

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

bcf0a7d8999c5f4043a56e87a3ae991557b3b367ece91f60cc8ce4d844bbb9d3
.dll windows x86

908083373c14ff9a7d66f30e43f9d08e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsnicmp
wcschr
_snprintf
_errno
sprintf
strncpy
strncmp
wcstombs
fputs
wcsncpy
wcslen
wcsrchr
_except_handler3
free
_wcsupr
wcsstr
_strnicmp
fclose
fgets
mbstowcs
wcscpy
strchr
atoi
malloc
realloc
_CxxThrowException
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
wcscat
wcsncat
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
fopen

user32

OpenWindowStationW
GetProcessWindowStation
CharNextW
MessageBoxW
LoadCursorW
DestroyCursor
MapVirtualKeyW
SetRect
GetSystemMetrics
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
DispatchMessageW
TranslateMessage
GetCursorPos
MoveWindow
GetWindowRect
ShowWindow
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationW
GetThreadDesktop
OpenDesktopW
CreateWindowExW
CloseWindow
SendMessageW
IsWindow
SetProcessWindowStation
wsprintfW
GetMessageW

winmm

waveInOpen
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInGetNumDevs
waveInStop

ws2_32

WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
ntohs
recv
closesocket
select
send
gethostname
WSASocketW
ioctlsocket
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
bind
inet_addr
getsockname
inet_ntoa
WSAStartup

msvfw32

ICClose
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICCompressorFree
ICSeqCompressFrame
ICOpen
ICSendMessage

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z

kernel32

GetModuleHandleA
CreateEventW
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
VirtualFree
VirtualAlloc
ResetEvent
CancelIo
lstrlenW
MultiByteToWideChar
OutputDebugStringW
lstrcpyW
GetVersionExW
DeleteFileA
GetFileSize
lstrcatW
SetErrorMode
SetUnhandledExceptionFilter
GetTickCount
ExitProcess
Sleep
FreeConsole
SetFileAttributesW
GetProcAddress
LoadLibraryW
LocalFree
lstrcmpW
LocalReAlloc
LocalAlloc
GetLocalTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
GetCurrentProcess
lstrcmpiW

Exports

Exports

BeginProc
EndProc
RunProc
ServiceMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

908083373c14ff9a7d66f30e43f9d08e

Headers

File Characteristics

Imports

msvcrt

user32

winmm

ws2_32

msvfw32

msvcp60

kernel32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 13KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 13KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 6KB