gh0strat | bf8b4131d77a432c1d3bb6d3ef7c064057ccc6862f3e8b558db3e4726e7f6c13 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf8b4131d77a432c1d3bb6d3ef7c064057ccc6862f3e8b558db3e4726e7f6c13
Size

152KB
MD5

64899caca56f408d9d8678f212a033c2
SHA1

b51299dc47255df7b21574b3e7e998ade515f417
SHA256

bf8b4131d77a432c1d3bb6d3ef7c064057ccc6862f3e8b558db3e4726e7f6c13
SHA512

1c110af36424a4e19939d757c1e6ca217fb1bd55422f1f59da29e8bff854688247b529c7046b2f2b8a1f2432cf1a8f7e6239a90210720d46f6212f4cab4a6301
SSDEEP

3072:lBtSf+yOmPD8IRr+PqbssYPx5HcTBfthHr5dnFPn:lBTyPRqyhYPbHcTBlhHrjndn

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

bf8b4131d77a432c1d3bb6d3ef7c064057ccc6862f3e8b558db3e4726e7f6c13
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

NPAddConnection
NPAddConnectIon3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetResourceInformation
NPGetResourceParent

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ