gh0strat | b0ed775ab87b9033cda639b9e130d29686af9866551597a9a33319e3f30f4f72 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0ed775ab87b9033cda639b9e130d29686af9866551597a9a33319e3f30f4f72
Size

98KB
MD5

b65dfde58233548d8f95eaad9b3ad81b
SHA1

460e0fc843ff8fdb2529cbe0b0bdd42850d7e8fd
SHA256

b0ed775ab87b9033cda639b9e130d29686af9866551597a9a33319e3f30f4f72
SHA512

809697ab506fd2ad33f5e45492de6e43144beb1ccb87d57c251c9885591a29fc047edde7fec3bd1e8220524d1e24461f2b97119f0464b9564bc75dab8ab7b644
SSDEEP

1536:rYgodjuRec8DpbFreKmSjFIcco8wfcsAof4Tw3J7L4:rYgoNuIDR4KhFIcf8KcsAK4Tw3J7L4

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b0ed775ab87b9033cda639b9e130d29686af9866551597a9a33319e3f30f4f72
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CCenter
Rool
ServiceMain
whm

Sections

.text
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ