gh0strat | f0cd34243ff03b5f1c9b7a29e93a9ebc7f5b50f986f461a023a99a688e1552c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0cd34243ff03b5f1c9b7a29e93a9ebc7f5b50f986f461a023a99a688e1552c2
Size

97KB
MD5

80b6d1867436775204a4c0f47d963d11
SHA1

4560f27f3842b3e51dca22c65274bde72d894a05
SHA256

f0cd34243ff03b5f1c9b7a29e93a9ebc7f5b50f986f461a023a99a688e1552c2
SHA512

f6dd87bdc2d653fae05dbd452e64c2ea0c78bf83438c38a957cf5b035cb30469a1df2fe4b3345d6f68046c69f4d08d3bed0eee96efe7ac127344ab062f10f3dd
SSDEEP

3072:fAvCQ67gfWlrwwBAK8XVSYwbGXydWC56cic8:Ivf67/Gw6jvwbSydWCktB

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

f0cd34243ff03b5f1c9b7a29e93a9ebc7f5b50f986f461a023a99a688e1552c2
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE