gh0strat | 5b4ea89ac4cf08278df2d4ceb20484973b43d9cb82f40413d29d5d69f7101143 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b4ea89ac4cf08278df2d4ceb20484973b43d9cb82f40413d29d5d69f7101143
Size

129KB
MD5

fcf48ce3a40ff295db183da0b445f2a0
SHA1

151f279fcf0573b2a71491920ceea8581722f1a7
SHA256

5b4ea89ac4cf08278df2d4ceb20484973b43d9cb82f40413d29d5d69f7101143
SHA512

62886c63440e0b01d79a6cfc8a82d9550e18364015788c7daae3b5d36e42fb51d275483b866c895f7877ef5dd11bc7d113aba77f35dc8c2571152ca2b0ff9d91
SSDEEP

3072:88nMg4W07paSG/+uDbPxhvGk0TwV21N1v:88nMgi79GmGFh+7wVgN1v

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

5b4ea89ac4cf08278df2d4ceb20484973b43d9cb82f40413d29d5d69f7101143
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NewSec
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mui
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE