Behavioral task: behavioral1
Sample: 09ea8727f1acaed1ca5aca7ab8be8d0bc0cef0abeab054a33ba434d3e4e52cf4.exe
Resource: win7-20220812-en
General
Target: 09ea8727f1acaed1ca5aca7ab8be8d0bc0cef0abeab054a33ba434d3e4e52cf4
Size: 307KB
MD5: 1b324726b9e0769f6b3d7a0fc6564ee3
SHA1: 3314fe5230c20f50c60e98ad98770b27587a39ed
SHA256: 09ea8727f1acaed1ca5aca7ab8be8d0bc0cef0abeab054a33ba434d3e4e52cf4
SHA512: 90667db21e84cb216b1c070b4d6bf0ebe87f1377cd45c9a2914a53bd6711f76d297b303ef8370e2c90107eef15a00f7dd71a1ebe903179bbe330a22d3fcdb30e
SSDEEP: 6144:e3JVGpxx9b3wZuw64GHeqo4Gu/LYEfi9QR5QQT8g09fINh+GUZ7q0FStHa9eu5B:sJI3L3+fTcG4NyEy8PcywrZ9FSdqB
Malware Config
Signatures
Gh0st RAT payload 1 IoCs
resource yara_rule sample family_gh0strat -
Gh0strat family
Files
09ea8727f1acaed1ca5aca7ab8be8d0bc0cef0abeab054a33ba434d3e4e52cf4.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 129KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.yvs Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE