gh0strat | bdbec14f57027aae53d59abd2076d281f4dc603a5ca73bb194844eb223e71a80 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bdbec14f57027aae53d59abd2076d281f4dc603a5ca73bb194844eb223e71a80
Size

115KB
MD5

1351e3f0707d95dd8a40d1756f8158f8
SHA1

5a59e1df8e3a8fad8648452ca937afbd6cb049dc
SHA256

bdbec14f57027aae53d59abd2076d281f4dc603a5ca73bb194844eb223e71a80
SHA512

00ab2c92c3d75f2d3053f67e8e10e75e8d1ad0eac23c00b5c4452acb2e484955b752d56202a6b8dea485a21aab2bb70c176f52166a6484951698eab0eac275fd
SSDEEP

3072:S3kM35Iyj3dsml2TowfzOLNtY5G9m0CdA8cW8AIu//g:SUKIyRyTowfzOBtQG9pR8nqug

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

bdbec14f57027aae53d59abd2076d281f4dc603a5ca73bb194844eb223e71a80
.exe windows x86

bd227ba966c127e93fe82f25f211eaca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Sections

.data
Size: 34KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ