gh0strat | aaee7655e562dfee1362038b11df87a15eb0caf3ff77aba091b4a86c9aca2185 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aaee7655e562dfee1362038b11df87a15eb0caf3ff77aba091b4a86c9aca2185
Size

105KB
MD5

93fab7b36bf5e733b7a27c866bcd5f26
SHA1

9b2c5c5a69fdf45c388049eea880357a9a837dd9
SHA256

aaee7655e562dfee1362038b11df87a15eb0caf3ff77aba091b4a86c9aca2185
SHA512

b5de15ead0b436a677e7d279c5706425ffbfb2c1f81ea2ec62937a5015c6cfc4fe259152d6410cfd6ce340d88de13b20686439979f2e63137791a6771d48c8b8
SSDEEP

3072:AWxlQ33JGY/bdICEm4cGUNIUt1bkIAjcaCd:Lxepo44XaXt1oIAwj

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

aaee7655e562dfee1362038b11df87a15eb0caf3ff77aba091b4a86c9aca2185
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ