gh0strat | af12123b469a2d6361ae372eae9c9ad01418ea60e1a12fea9cc950c2e788ab8d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af12123b469a2d6361ae372eae9c9ad01418ea60e1a12fea9cc950c2e788ab8d
Size

125KB
MD5

61290e472712a3df27f5baafc117a4a7
SHA1

5226b94d4a7feafbe648ac17b79b39e650642d85
SHA256

af12123b469a2d6361ae372eae9c9ad01418ea60e1a12fea9cc950c2e788ab8d
SHA512

e1ce53f2efd322d556e2e4b43463b033199565e425c4ca6dc220d3c42ca802fc97bcf8d31e7a331dc080001fb5066699f7d2114a7121cd0cd47307b925d6b80b
SSDEEP

3072:jSB6K87XyCqaHJ7qzUQeXCSPsU4dHEzn4mAjCzov:jW6K87XyCqcUwrXbN4x0n4mAjCQ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

af12123b469a2d6361ae372eae9c9ad01418ea60e1a12fea9cc950c2e788ab8d
.exe windows x86

a64be11ea444ddc5d56a4815fd2c04a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
LoadLibraryA
GetFileAttributesA
CreateDirectoryA
lstrcpyA
lstrlenA
CloseHandle
GetCurrentProcess
Process32Next
lstrcmpiA
Process32First
WriteFile
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
DeleteFileA
MoveFileA
FreeResource
LocalFileTimeToFileTime
SystemTimeToFileTime
LoadResource
FindResourceA
GetTickCount
GetTempPathA
SetLastError
lstrcatA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
Sleep
GetCurrentThreadId
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA

msvcrt

??3@YAXPAX@Z
strstr
_CxxThrowException
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__CxxFrameHandler
??2@YAPAXI@Z
malloc
free
strrchr
_except_handler3

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ