gh0strat | c91404dc774ba818a120c65d9013020ef3b3f50b270cfd40ce325e0015a03c67 | Triage

Sharing

General

Target

c91404dc774ba818a120c65d9013020ef3b3f50b270cfd40ce325e0015a03c67
Size

464KB
MD5

37c2b4c161bb82d7816d110ec706109d
SHA1

463785c342ae0e4515d06d44adb403042281c931
SHA256

c91404dc774ba818a120c65d9013020ef3b3f50b270cfd40ce325e0015a03c67
SHA512

d321de5e511e2284d998a95dc4675f50609db8cb557f2244ca7a1b2da8542daa5127492506670c9c496b165bacd0eb91ba396087f46d5d60d0195c2b222e1ce8
SSDEEP

12288:6BxkoysxaD1hT3XBePPBxkoysxaD1hT3XBePZ:6hqzT3RQhqzT3R2

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

c91404dc774ba818a120c65d9013020ef3b3f50b270cfd40ce325e0015a03c67
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CoCreateActivity
CoEnterServiceDomain
CoLeaveServiceDomain
CoLoadServices
ComSvcsExceptionFilter
ComSvcsLogError
CosGetCallContext
DispManGetContext
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetMTAThreadPoolMetrics
GetManagedExtensions
GetObjectContext
GetTrkSvrObject
MTSCreateActivity
MiniDumpW
RecycleSurrogate

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ