gh0strat | 556d086072f19469932dee41aa55a1b921dd8fa0a36fca422a4a96087e5c4ebb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

556d086072f19469932dee41aa55a1b921dd8fa0a36fca422a4a96087e5c4ebb
Size

148KB
MD5

13d481d1eaa2c02db264661b0e28a190
SHA1

fab12e60f1fb4efd6f95d4bb7cbdf882f658f0a8
SHA256

556d086072f19469932dee41aa55a1b921dd8fa0a36fca422a4a96087e5c4ebb
SHA512

802286ff03602f66013ed0f0043c1d0964ef1db97170b473e0ee404fd3e0ff50964763ffb65fb6ac311aac341172b5565e8fe46ab08e517ede1dd5b9fdc6cd05
SSDEEP

3072:tG9vTbZkEWg/5y14kquZ2WRDiP+PTBft82Ix+SZx:tgvfRH/g1p7hiP+PTBl82Ix+SZ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

556d086072f19469932dee41aa55a1b921dd8fa0a36fca422a4a96087e5c4ebb
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

FreeTest

Sections

HZWMS
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

HZWMS
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

HZWMS
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HZWMS
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

HZWMS
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ