gh0strat | 8aa6242e8a255d259795603f9180f73e4d961d05fe4f6a760aa67b30992572c0

General

Target

8aa6242e8a255d259795603f9180f73e4d961d05fe4f6a760aa67b30992572c0
Size

252KB
MD5

b18432fdccbab26e9543c42d0e93fdff
SHA1

282efcaaae71fab44b8300ff5a911da99d3d6f6b
SHA256

8aa6242e8a255d259795603f9180f73e4d961d05fe4f6a760aa67b30992572c0
SHA512

5ccbaba144d2d7a071c922729e02bacd7e9869556d545efb609e8a0942a87c264564be2f02e8434559a67329bb13629e335eab911c24666a0b4546a0f83abe83
SSDEEP

6144:1vpzLSmtaTWHf9DNYtEHhvE3TBlenoz5P:1lXtC6fQqHtE3T3B5P

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

8aa6242e8a255d259795603f9180f73e4d961d05fe4f6a760aa67b30992572c0
.exe windows x86

0a3404fe7103bb47a3c6bcb96d6050f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
lstrcatA
lstrcpyA
GetModuleFileNameA
WinExec
DeleteFileA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
ReadFile
GetFileSize
MoveFileA
WritePrivateProfileStringA
lstrlenA
SetFilePointer
Sleep
GetLocalTime
GetCurrentThreadId
ExitProcess
GetFileAttributesA
GetWindowsDirectoryA
GetVersionExA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
GetLastError
LoadLibraryA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
FlushFileBuffers

ole32

CoCreateGuid
CoUninitialize
CoInitialize

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a3404fe7103bb47a3c6bcb96d6050f7

Headers

File Characteristics

Imports

kernel32

ole32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 220KB - Virtual size: 223KB

.rsrc Size: 4KB - Virtual size: 528B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 220KB - Virtual size: 223KB

.rsrc
Size: 4KB - Virtual size: 528B