gh0strat | dd33ce9e1cf2304e909f7844e21cd6d52c380771a75657dbe50715664c555cd7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd33ce9e1cf2304e909f7844e21cd6d52c380771a75657dbe50715664c555cd7
Size

748KB
MD5

a3c72939996c33c32d55bd5ab2849a53
SHA1

f52c4e6bfef1d7be92d6d401ad5933b21b17fe6d
SHA256

dd33ce9e1cf2304e909f7844e21cd6d52c380771a75657dbe50715664c555cd7
SHA512

b9cd5941588f98bd8fc685a35f27cdba35fb7dbea0487fed05444aa4b5fdcd33e325d0d1fce92ee9c51ad4051ca445cce608226e38e43fb2bb920728af5d392d
SSDEEP

3072:qrKcrzsoROoAs6sB/ApJikucEmUTBftJMpndnDLfl8o2GWmsouL:q5rzfhAD0/WJ2mUTBlJMpndnDrl8/hvL

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

dd33ce9e1cf2304e909f7844e21cd6d52c380771a75657dbe50715664c555cd7
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

UPSCancelWait
UPSGetState
UPSInit
UPSStop

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ