gh0strat | 97749a8c835e6b848aca64389d79c4acea9796254b17dd0732bb727614729749 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

97749a8c835e6b848aca64389d79c4acea9796254b17dd0732bb727614729749
Size

99KB
MD5

5a94d8038573caf7b7dabe9f50cb0a3b
SHA1

d441038ee9368ea687eb5193835f441f7565b543
SHA256

97749a8c835e6b848aca64389d79c4acea9796254b17dd0732bb727614729749
SHA512

9a97ebdafdfbe79d3b31ddd279d451502dc456ef5ea0e3bee96b04e87c1a81f5b4c82138767b23731275283525dde10c35f0945945ab22a706e368e43758799d
SSDEEP

3072:a1htOV6hb0Bk3gZe9wRxOzpmfHdTMmrHC6QT:QbWuikQswHoSHFMmL9Y

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

97749a8c835e6b848aca64389d79c4acea9796254b17dd0732bb727614729749
.exe windows x86

5426bf666772d67d9b7cdcece09fa575

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
CloseHandle
CreateThread
Sleep
ExitProcess
GetModuleFileNameA
MoveFileExA
DeleteFileA
FreeResource
SetFilePointer
WriteFile
SizeofResource
CreateFileA
LoadResource
FindResourceA
lstrcpyA
lstrcmpiA
SetLastError
ReadFile
lstrcatA
LoadLibraryA
GetProcAddress
lstrlenA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

gdi32

GetStockObject

msvcrt

strlen
??2@YAPAXI@Z
memcpy
realloc
malloc
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
??1type_info@@UAE@XZ
strcat
strchr
_except_handler3
_strrev

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ