gh0strat | db49f761f6e9b7c89e1c7a569cc5bbed398cb762b5c190daac286d1377d9c56f | Triage

Sharing

General

Target

db49f761f6e9b7c89e1c7a569cc5bbed398cb762b5c190daac286d1377d9c56f
Size

109KB
MD5

d8216fe1052cf0375342a8df306b00ce
SHA1

760cad5b120cf5d2d6e3c1eac8231d607f4f3262
SHA256

db49f761f6e9b7c89e1c7a569cc5bbed398cb762b5c190daac286d1377d9c56f
SHA512

baa4f52075f7d3def5767e657599c381bef6c7d53645abfe138d691c9b47682425fd059cb24b7de8e7e7230b3fa09957c3dc99fb34fef1a8b71c6622f5e14e68
SSDEEP

1536:BCTwSV4SibNn8YIaT624cKau2f9d0uP3+Nvr+mHT:zS2SiuYIb24Wug9d0g+lr+mHT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

db49f761f6e9b7c89e1c7a569cc5bbed398cb762b5c190daac286d1377d9c56f
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

BeginProc
EndProc
RunProc
ServiceMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ