gh0strat | d22a11c1ef2e27ed62658d45b11b589b45e924158d0102ce96d671a1174260df | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d22a11c1ef2e27ed62658d45b11b589b45e924158d0102ce96d671a1174260df
Size

160KB
MD5

62d8ba184a2e011d15443f6bd64c10aa
SHA1

4c2212b705f6d40cca61a602d8f42f818f0bd0f0
SHA256

d22a11c1ef2e27ed62658d45b11b589b45e924158d0102ce96d671a1174260df
SHA512

4ddfc5abdda76536aa72e01f81a1f09efedd1e56dc190473c246515d2dc98a800e1083d5c717bf435998e1453e85b9e091540e928061209387cdb04882c1f077
SSDEEP

3072:3/fNS0S2F/PXmLUt0jqX2eP9Jm6cTBfthHrpCnFPn:3/fK26UGGBP946cTBlhHr0ndn

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

d22a11c1ef2e27ed62658d45b11b589b45e924158d0102ce96d671a1174260df
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

npaDDcONNECTION
npaDDcONNECTION3
npcANCELcONNECTION
npcLOSEeNUM
npeNUMrESOURCE
npgETcAPS
npgETcONNECTION
npgETrESOURCEiNFORMATION
npgETrESOURCEpARENT

Sections

sade.
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

sade.
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sade.
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sade.
Size: 16KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ