gh0strat | c78c355e49dba6b76f8f2ba3542445a4fa2b6a07ffcc67e32bbe4d9c7afab6c3

Sharing

Copy URL Twitter E-mail

General

Target

c78c355e49dba6b76f8f2ba3542445a4fa2b6a07ffcc67e32bbe4d9c7afab6c3
Size

152KB
MD5

4d10904e8465c689a568dffffce196b4
SHA1

44e600647114b3134fa8e995e89c7244bff3a63c
SHA256

c78c355e49dba6b76f8f2ba3542445a4fa2b6a07ffcc67e32bbe4d9c7afab6c3
SHA512

8497d6f80e676a183bafa9e6b7e4a9e246824cdd2a6f4c54451573395cef0aa268d8f604a09c039c7a032b5707c2b285aa6303a50bbd3be4c30a5a9027a84506
SSDEEP

3072:qcL5sc4MD/jo9ZDhZxc+GL/zTBftIYRQZUjq6Us:9LyOU9Znx7GL/zTBlIYRdjj

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

c78c355e49dba6b76f8f2ba3542445a4fa2b6a07ffcc67e32bbe4d9c7afab6c3
.dll regsvr32 windows x86

9be0e8d5743c994bee85d62b40da7fcd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindow
ShowWindow
EnableWindow
CloseWindowStation
LoadCursorA
DestroyCursor
GetCursorInfo
wvsprintfA
MessageBoxA
CreateWindowExA
DestroyWindow
GetClassNameA
wsprintfA

kernel32

GetTempFileNameA
RaiseException
IsBadWritePtr
FormatMessageA
SetUnhandledExceptionFilter
GetExitCodeProcess
ExitProcess
LeaveCriticalSection
InitializeCriticalSection
InterlockedExchange
ExpandEnvironmentStringsA
GetTickCount
lstrlenA
LocalFree
GetProcAddress
GetModuleHandleA
GetLastError
lstrcmpiA
lstrcpyA
LocalReAlloc
LocalSize
LocalAlloc
CloseHandle
lstrcatA
GetLocalTime
GlobalUnlock
GlobalLock
GlobalSize
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
HeapAlloc
VirtualQuery
GetCurrentProcessId
GetCurrentThreadId
VirtualAlloc
GetFileAttributesExA
lstrcmpA
GetSystemDirectoryA
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetModuleFileNameA
Sleep
GetSystemInfo
GetVersionExA
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
FreeLibrary
GlobalFree
GlobalAlloc
LoadLibraryA
VirtualFree
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
WideCharToMultiByte
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA

msvcrt

strtol
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_strupr
_wcsicmp
_stricmp
_strlwr
_memicmp
??3@YAXPAX@Z
rand
srand
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
strchr
_except_handler3
strstr
realloc
malloc
strncpy
atoi
wcslen
wcstombs
memmove
ceil
_CxxThrowException
free
strrchr
strncat
wcsrchr
_beginthreadex

Exports

Exports

CredUICmdLinePromptForCredentialsA
CredUICmdLinePromptForCredentialsW
CredUIConfirmCredentialsA
CredUIConfirmCredentialsW
CredUIInitControls
CredUIParseUserNameA
CredUIParseUserNameW
CredUIPromptForCredentialsA
CredUIPromptForCredentialsW
CredUIReadSSOCredA
CredUIReadSSOCredW
CredUIStoreSSOCredA
CredUIStoreSSOCredW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9be0e8d5743c994bee85d62b40da7fcd

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB