gh0strat | b176c861aa8310154f4ba0c41a8bb41c90684d2a2bd9778f664576e2f43c9662 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b176c861aa8310154f4ba0c41a8bb41c90684d2a2bd9778f664576e2f43c9662
Size

120KB
MD5

7618d0cd51572ad98bca3e7faecd1d47
SHA1

edbf94297e6d90fac0c9c01f6141e2236db7759f
SHA256

b176c861aa8310154f4ba0c41a8bb41c90684d2a2bd9778f664576e2f43c9662
SHA512

534c831ad267c2f9c133dd2237f6b578f3c42fb108b247f7dc90ba7a1a33c57eb9e4c43fa2f77fa87fe71b5fe9908fcbfd28e53d7c7c8b5d22f63982f84a0ca5
SSDEEP

3072:6lK/2UT2loXguHvjTGygGucp0Yf/XXIVzG+RriMnJ:gK/PaCQsvjqEu89fvXKzGtc

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b176c861aa8310154f4ba0c41a8bb41c90684d2a2bd9778f664576e2f43c9662
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

InstallService
ServiceMain
VistaServiceMain
main
setup

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ