gh0strat | b43c35f08b3201b5dd678988123f30c384b76be64cf4773946c3fc5c61a0f7b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b43c35f08b3201b5dd678988123f30c384b76be64cf4773946c3fc5c61a0f7b6
Size

176KB
MD5

8751bf5b4c135c951a9cb4d9e30c7e18
SHA1

a8fca607b4082f4c953e24306a2ef26236b8c187
SHA256

b43c35f08b3201b5dd678988123f30c384b76be64cf4773946c3fc5c61a0f7b6
SHA512

4bd26bd18289ad6680b854ec6d34163fb2fb99b1c1d7d4f5efaae24a943c7858acfbaab25ea99137611b56c432a1162258659d9966c3b4dc445f79db0962128b
SSDEEP

3072:V0IPeqovhA58gMreQNihzFEnitlffRo+8uRJUZZWsFIYzS:V0Ieqo5bN2l3f6KgZZj+

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b43c35f08b3201b5dd678988123f30c384b76be64cf4773946c3fc5c61a0f7b6
.exe windows x86

eac0e10c79fabf0cbb3c19a2441af539

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExA
CreateEventA
GetModuleHandleA
GetStartupInfoA
GetEnvironmentVariableA
CloseHandle
lstrlenA
SetFilePointer
LoadLibraryA
GetProcAddress

user32

LoadCursorA
LoadIconA
wsprintfA
RegisterClassA

advapi32

ControlService
RegSetValueExA
RegCloseKey
ChangeServiceConfigA
RegOpenKeyExA
RegCreateKeyExA

shell32

ShellExecuteA

msvcrt

_initterm
_controlfp
_except_handler3
sprintf
rand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__set_app_type
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ