gh0strat | da3727ea2aec0904ad0cda53d4148f69cc3e139caa5bc3fd8c5a3ef0b28b1105 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da3727ea2aec0904ad0cda53d4148f69cc3e139caa5bc3fd8c5a3ef0b28b1105
Size

103KB
MD5

66db6f9565918952a795f8bf3e8c6f7f
SHA1

169e9bb4e9810923bd3c1d131bd616c9c8c839b9
SHA256

da3727ea2aec0904ad0cda53d4148f69cc3e139caa5bc3fd8c5a3ef0b28b1105
SHA512

d064e9ff6a5c9543b5aa72462b60a16fda13f0d715dd5967c712f2d46da1e0449e8e0d13bf7ccc7262af15c1102816fea4979573c3508a6385f78bf1e0000d88
SSDEEP

1536:/s+JK7yvqnXsm8QfLpcILGooa7V2uJp1VcM/vfh7EPtZ6IeXgD31:0+YXsmUu50uJXVb/Xh7EP36IeXgD

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

da3727ea2aec0904ad0cda53d4148f69cc3e139caa5bc3fd8c5a3ef0b28b1105
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Kill360Box
ServiceMain

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ