gh0strat | e2de34b277171a53130a5eaaa5d014293257504cf9fe041b7d14cfecebd21d1b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2de34b277171a53130a5eaaa5d014293257504cf9fe041b7d14cfecebd21d1b
Size

148KB
MD5

8313e4c9cc0376d088a63816aa8647bb
SHA1

9019f716cf6d7aed4655dabdf60ce39348bf6620
SHA256

e2de34b277171a53130a5eaaa5d014293257504cf9fe041b7d14cfecebd21d1b
SHA512

d570ea65af0f1a4a7734b20d7dd900bfc83a739444b65110333a3b2d2cf845320099a89d7a4fa7553f2d951ca8f037bf734901c343764fd7a0b0c843cf3e1ad0
SSDEEP

3072:l3gc0lxbK/sgHwbd3aApU4O4qrC9J09Dak:KjlQkgEtfU4LuCY

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

e2de34b277171a53130a5eaaa5d014293257504cf9fe041b7d14cfecebd21d1b
.exe windows x86

45948dfeb4de011a4279e354f96db42b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
lstrlenA
WriteFile
SetFilePointer
CreateFileA
FreeResource
GetLocalTime
GetTickCount
FindResourceA
GetProcAddress
LoadLibraryA
ExitProcess
lstrcatA
lstrcpyA
GetModuleFileNameA
CopyFileA
MoveFileExA
RemoveDirectoryA
DeleteFileA
CreateThread

user32

wsprintfA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
DispatchMessageA
DefWindowProcA
TranslateMessage

msvcrt

_mkdir
_strrev
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
??2@YAPAXI@Z
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ