gh0strat | 2e677c3e16d19b1e431de89f47e19d2b76783773cd1f0920444f7431f456ddb1

Sharing

Copy URL Twitter E-mail

General

Target

2e677c3e16d19b1e431de89f47e19d2b76783773cd1f0920444f7431f456ddb1
Size

98KB
MD5

3ad2a6102e6572f9a55ec6e145c21e30
SHA1

5f7d9cf9a58dc9479ddf2326c7dab070f7faea34
SHA256

2e677c3e16d19b1e431de89f47e19d2b76783773cd1f0920444f7431f456ddb1
SHA512

e633b226b8db04531ae77e552412bbf0698946c3bbaf161a15fb411c5257757dfcba92b6c8b6be9a803667084322f92ac7a9eb5b63d6d4df1b7714dbb9f6f4a8
SSDEEP

1536:jhJ5HyM5nG+2aVskr1jvNpd8g7hbVGW2ttcCB0VfoYuLdB:jr5N54CsA1TOQeW2ttBB0NoYuBB

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

2e677c3e16d19b1e431de89f47e19d2b76783773cd1f0920444f7431f456ddb1
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

dfdfa10
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

kkv11
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

b12
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

wwwww11
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

iiiii8
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

9
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

gggg6
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

yyyyc13
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

d14
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

axc0
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

kkoe15
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bbbbbz17
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

trrr12
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

aaaax18
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

uuuy19
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ffffb31
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

aaaaaz2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zzzza3
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xc0
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

dfdfa10 Size: 1KB - Virtual size: 1KB

kkv11 Size: 3KB - Virtual size: 2KB

b12 Size: 6KB - Virtual size: 6KB

wwwww11 Size: 512B - Virtual size: 16B

iiiii8 Size: 2KB - Virtual size: 2KB

9 Size: 6KB - Virtual size: 5KB

gggg6 Size: 1024B - Virtual size: 752B

yyyyc13 Size: 2KB - Virtual size: 1KB

d14 Size: 4KB - Virtual size: 3KB

axc0 Size: 11KB - Virtual size: 11KB

kkoe15 Size: 512B - Virtual size: 448B

bbbbbz17 Size: 3KB - Virtual size: 3KB

trrr12 Size: 512B - Virtual size: 192B

aaaax18 Size: 3KB - Virtual size: 3KB

uuuy19 Size: 2KB - Virtual size: 1KB

ffffb31 Size: 2KB - Virtual size: 1KB

aaaaaz2 Size: 1KB - Virtual size: 1KB

zzzza3 Size: 2KB - Virtual size: 1KB

xc0 Size: 512B - Virtual size: 144B

.rdata Size: 48KB - Virtual size: 47KB

.edata Size: 512B - Virtual size: 124B

.xdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

dfdfa10
Size: 1KB - Virtual size: 1KB

kkv11
Size: 3KB - Virtual size: 2KB

b12
Size: 6KB - Virtual size: 6KB

wwwww11
Size: 512B - Virtual size: 16B

iiiii8
Size: 2KB - Virtual size: 2KB

9
Size: 6KB - Virtual size: 5KB

gggg6
Size: 1024B - Virtual size: 752B

yyyyc13
Size: 2KB - Virtual size: 1KB

d14
Size: 4KB - Virtual size: 3KB

axc0
Size: 11KB - Virtual size: 11KB

kkoe15
Size: 512B - Virtual size: 448B

bbbbbz17
Size: 3KB - Virtual size: 3KB

trrr12
Size: 512B - Virtual size: 192B

aaaax18
Size: 3KB - Virtual size: 3KB

uuuy19
Size: 2KB - Virtual size: 1KB

ffffb31
Size: 2KB - Virtual size: 1KB

aaaaaz2
Size: 1KB - Virtual size: 1KB

zzzza3
Size: 2KB - Virtual size: 1KB

xc0
Size: 512B - Virtual size: 144B

.rdata
Size: 48KB - Virtual size: 47KB

.edata
Size: 512B - Virtual size: 124B

.xdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB