gh0strat | b1b5c92512fdff4f34700229deac05d515ea6f76d1271846656f411af5f56143 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1b5c92512fdff4f34700229deac05d515ea6f76d1271846656f411af5f56143
Size

182KB
MD5

4d3c3a59e45d52d66888fa744bcd62e6
SHA1

b21f8e3a09b2a3a1559e033e31c45d9e6694e8f9
SHA256

b1b5c92512fdff4f34700229deac05d515ea6f76d1271846656f411af5f56143
SHA512

4fc7f18806dc6e4184108be027f2e28f81c3bf8994227ca6695e9b9f4b6b61aee3c54bb771f23e8569420fea0dd182d3e8f5c644995ce534a351be7536e7bb1a
SSDEEP

3072:czk9z4Uh+yQAbAbuDNWtMpebime67kyw6sguGeqovv2Q3QZI:7DTQAbzMbxX7kyw6IGeqoBQS

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b1b5c92512fdff4f34700229deac05d515ea6f76d1271846656f411af5f56143
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

EndWork
Runing
ServiceMain
Working

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

NewSec
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE