gh0strat | a4ddef538510d40d0443b844bb37821ccc453734f043b646ee74fdf49cd9e2cf

Sharing

Copy URL Twitter E-mail

General

Target

a4ddef538510d40d0443b844bb37821ccc453734f043b646ee74fdf49cd9e2cf
Size

595KB
MD5

16c46631651c0de782ae155ebaf03331
SHA1

88fdec6875d56e6673ab538c6891a5cf2d01fa6c
SHA256

a4ddef538510d40d0443b844bb37821ccc453734f043b646ee74fdf49cd9e2cf
SHA512

c175fb37e90c2b094befbe79c932e7ec9d8519e0be3543d28d0ce92a35c8e0504a304bf8200522f67b568cfc3b433967155b6a9bc8ea200ed58d3c613a3a6688
SSDEEP

12288:VtM5rHgDJ9sk5bbr+T0HjDtufWw507YNKWMCrgDOSUWhszErJ:VtM5rHU9sk5bbr+T0HjDtu35GYtRgDOQ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

a4ddef538510d40d0443b844bb37821ccc453734f043b646ee74fdf49cd9e2cf
.exe windows x86

bd1640916ffb68e378b74fc9f331fcf0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadPriority
GetCurrentThread
GetPriorityClass
GetCurrentProcess
GlobalMemoryStatus
SetPriorityClass
GetModuleFileNameA
GetStartupInfoA
OpenProcess
Process32Next
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetTickCount
MultiByteToWideChar
Sleep
DeviceIoControl
GetVersion
MoveFileA
LocalAlloc
FindFirstFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDriveTypeA
GetProcAddress
CreateProcessA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetPrivateProfileStringA
lstrcmpA
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
InterlockedExchange
lstrcpyA
ResetEvent
WideCharToMultiByte
LeaveCriticalSection
LoadLibraryA
GetSystemInfo
RaiseException
GetLastError
GetModuleHandleA

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

LookupPrivilegeValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

SysFreeString

msvcrt

??1exception@@UAE@XZ
_CxxThrowException
strlen
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
ceil
_ftol
strstr
_purecall
strchr
malloc
free
_except_handler3
strrchr
exit
atoi
strncmp
strncpy
_errno
wcscpy
strncat
_beginthreadex
sprintf
vsprintf
calloc
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??1type_info@@UAE@XZ
??0exception@@QAE@ABQBD@Z

winmm

waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInClose
waveInUnprepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInReset
waveOutReset
waveInStop
waveOutUnprepareHeader
waveOutClose

urlmon

URLDownloadToFileA

netapi32

NetUserAdd
NetLocalGroupAddMembers

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd1640916ffb68e378b74fc9f331fcf0

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

winmm

urlmon

netapi32

psapi

wtsapi32

Sections

.text Size: 460KB - Virtual size: 459KB

.data Size: 11KB - Virtual size: 473KB

.rsrc Size: 123KB - Virtual size: 122KB

.text
Size: 460KB - Virtual size: 459KB

.data
Size: 11KB - Virtual size: 473KB

.rsrc
Size: 123KB - Virtual size: 122KB