gh0strat | 83b4677e2ff1b1d32a085ce2bfcaa3ee5926e01091d814596ec4d443ad5dd155 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83b4677e2ff1b1d32a085ce2bfcaa3ee5926e01091d814596ec4d443ad5dd155
Size

19.1MB
MD5

f3f8bf54543b1a53d1c9109cccd17df1
SHA1

ff798ba289fcae198fd7296897028bb67623abb1
SHA256

83b4677e2ff1b1d32a085ce2bfcaa3ee5926e01091d814596ec4d443ad5dd155
SHA512

a852c4a3b66b281d6fd50f422e6e1b4f18001af5fbde768b674b93e19c7617014ee1b536a923d85d93ddf89708221f4fab1c65357b79844cab383fb1c661ad60
SSDEEP

3072:6BtSf+yOmPD8IRr+PqbssYPx5HcTBfthHr5vnFPnjyOmPD8IRr4:6BTyPRqyhYPbHcTBlhHrlndnjyPRc

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

83b4677e2ff1b1d32a085ce2bfcaa3ee5926e01091d814596ec4d443ad5dd155
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetResourceInformation
NPGetResourceParent

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ