gh0strat | 576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da | Triage

Sharing

General

Target

576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da
Size

164KB
MD5

27cec1668216473595fee2f28bd45a70
SHA1

955f96f7e0b289f37afab359504505a84f75bb45
SHA256

576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da
SHA512

d0e1b022c800598d7680c645927e1eb5621a1356b5697b8824a27f1babca2a48d295906738322f9edf45851f1b4f2bdf4b0771eefb5167460e13b8048c5cabbc
SSDEEP

3072:brpO1VLtIpDmLx8nvbeJXTGoxQpyTDm8PSkNLNs+9+J34:br4LS6ObyX6StTSsSkdE3

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

Processes:

resource yara_rule

sample family_gh0strat
Gh0strat family
gh0strat

Files

576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da
.exe windows x86

16e6c502bf4c3b967c7ad8ada94ce3f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FreeResource
Sleep
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
WaitForSingleObject
CreateEventA
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetTickCount
WinExec
GetModuleHandleA
GetLastError
RaiseException
GetStartupInfoA
InterlockedExchange
LocalAlloc
FreeLibrary

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_exit
srand
rand
sprintf
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ