gh0strat | e779c712ac8141f85242eca8dfea9a76244d2eba405bc9b4c76695bee20858e3

Sharing

Copy URL Twitter E-mail

General

Target

e779c712ac8141f85242eca8dfea9a76244d2eba405bc9b4c76695bee20858e3
Size

73KB
MD5

23dd2bba4fe44ca3809455f6710571f0
SHA1

1666ea84785e9f4726a9f16a1670b8e313c3de14
SHA256

e779c712ac8141f85242eca8dfea9a76244d2eba405bc9b4c76695bee20858e3
SHA512

913d900eddc4e148c20d64862d12fc1ba406e4f859f239f785ef7789bfd3538659b825d617785c18c2c2cb55c0ba986b9f7cd1b8c1edacc5fe9b3d1e6c9a3101
SSDEEP

768:Ac4wWxXa2xx549lm+/UHlHL/o3m7psGcIr5+hmaukkfbWyGaDEKwPoCaaJRQK6h4:A3HxaICAOGc3mHcIBaOfbWypwPf2jQr

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

e779c712ac8141f85242eca8dfea9a76244d2eba405bc9b4c76695bee20858e3
.exe windows x86

0ac05fd5d588acdae4f184f111fe3e21

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
FindClose
FindFirstFileA
GetFileSize
CreateFileA
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
ReleaseMutex
PeekNamedPipe
SetErrorMode
ExitProcess
GetLastError
CreateMutexA
CopyFileA
LocalSize
Process32Next
LocalReAlloc
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
GetModuleHandleA
WriteFile
LocalAlloc
TerminateProcess
DisconnectNamedPipe
CreatePipe
GetStartupInfoA
GetModuleFileNameA
OutputDebugStringA
TerminateThread
GetTickCount
CreateThread
ExitThread
OpenProcess
lstrcatA
GetCurrentProcess
CreateProcessA
GetVersionExA
GetSystemDirectoryA
WinExec
lstrlenA
LocalFree
ReadFile
Sleep
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
InitializeCriticalSection
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
OpenEventA

user32

ExitWindowsEx
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
wsprintfA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA

msvcrt

_ftol
strstr
__CxxFrameHandler
??2@YAPAXI@Z
_except_handler3
malloc
strrchr
atoi
rand
ceil
time
printf
exit
strncat
strchr
strncmp
_beginthreadex
calloc
free
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memmove
??3@YAXPAX@Z
srand
_strnicmp
_strcmpi

ws2_32

WSASocketA
htonl
sendto
inet_addr
inet_ntoa
select
closesocket
recv
ntohs
WSAGetLastError
gethostname
getsockname
send
socket
gethostbyname
htons
connect
setsockopt
WSACleanup
WSAIoctl
WSAStartup

mfc42

ord6877
ord540
ord2818
ord800
ord939
ord4278
ord860
ord6663
ord858
ord535
ord922
ord924
ord926
ord4129
ord2764
ord537
ord6648

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ac05fd5d588acdae4f184f111fe3e21

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

mfc42

wininet

psapi

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 244B

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 244B