gh0strat | 912f019c187ff21d5c4b60d7a6705b0e3f51913cb282c4b4390b3f189b50ffc9

Sharing

Copy URL Twitter E-mail

General

Target

912f019c187ff21d5c4b60d7a6705b0e3f51913cb282c4b4390b3f189b50ffc9
Size

148KB
MD5

c9fc93c5844693a694191a2de3ecb799
SHA1

f84e53b61d29ccff275b841c31f09611da261f20
SHA256

912f019c187ff21d5c4b60d7a6705b0e3f51913cb282c4b4390b3f189b50ffc9
SHA512

5a24c703ceb6f9f154810427632ad28fb2f9c5b8e6f2f3b48050cb44b79adeeba88090c3306d72b860e53412e48a08149d395c7fac8a8534f21752804d6a1bfb
SSDEEP

3072:e3Evsnz4mDOxeJ6CoTpqK0qA5g9SVG1jzDgTBftw7s4GHOwK:e3E2UmSxWwMSAS9wCzDgTBlw7s4GHOp

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

912f019c187ff21d5c4b60d7a6705b0e3f51913cb282c4b4390b3f189b50ffc9
.dll windows x86

ea8d6560be72981bd24e82531b375714

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW

gdi32

SetStretchBltMode
StretchDIBits

user32

DestroyCursor
GetCursorInfo
wsprintfA
CreateWindowExA
DestroyWindow
MessageBoxA
CloseWindowStation
GetClassNameA
GetWindow
FindWindowA
ShowWindow
wvsprintfA
BlockInput
LoadCursorA

kernel32

RaiseException
VirtualAlloc
VirtualFree
CreateFileMappingA
MapViewOfFile
GlobalSize
GlobalLock
GlobalUnlock
IsBadWritePtr
FormatMessageA
GetLocalTime
SetUnhandledExceptionFilter
GetLongPathNameA
GetTempPathA
GetTickCount
CloseHandle
ExitProcess
lstrcatA
lstrcpyA
GetSystemDirectoryA
Sleep
GetExitCodeProcess
InterlockedExchange
GetLastError
lstrcmpiA
lstrlenA
ExpandEnvironmentStringsA
LocalFree
LocalReAlloc
LocalAlloc
WideCharToMultiByte
InitializeCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
GetTempFileNameA
InterlockedDecrement
InterlockedIncrement
SuspendThread
ResumeThread
GetProcAddress
GetModuleHandleA
GetSystemInfo
GetVersionExA
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
FreeLibrary
GlobalFree
GlobalAlloc
DeleteFileA
RemoveDirectoryA
ExitThread
GetModuleFileNameA
FreeLibraryAndExitThread
IsBadReadPtr
IsBadStringPtrW
LocalSize
GetCurrentThreadId
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
Thread32Next
VirtualQuery
OpenThread
Thread32First
GetCurrentProcessId
SetEnvironmentVariableA
LoadLibraryA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_itoa
_memicmp
_strlwr
_wcsicmp
_strupr
ceil
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
strncpy
free
malloc
_except_handler3
strstr
strrchr
wcslen
_CxxThrowException
_ftol
strchr
strncat
realloc
atoi
rand
srand
wcstombs
_beginthreadex
toupper
tolower
memmove

Exports

Exports

CpyCommon

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea8d6560be72981bd24e82531b375714

Headers

File Characteristics

Imports

advapi32

gdi32

user32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB