gh0strat | bc626e7d142ebfa8ee292b355120d3e38e1ecc262713ba50d0b64fd1582aa201 | Triage

Sharing

General

Target

bc626e7d142ebfa8ee292b355120d3e38e1ecc262713ba50d0b64fd1582aa201
Size

234KB
MD5

8554cd118f6f11266fe8a4e9c10f67e2
SHA1

0c944d21523ffca3e942ad46c305b72385d9d490
SHA256

bc626e7d142ebfa8ee292b355120d3e38e1ecc262713ba50d0b64fd1582aa201
SHA512

39a99dffef220989b35573e1d085283775da90ff8ddbc844f80848e825ceb9e583045791402b0a2ece42f7e856f41bc6f3201e45689f054fafc7868d4980353c
SSDEEP

3072:IPHzqtu0IPeqovhA58gMreQNihzFEnitlffRo+8uRJUZZWFIYzSf+eqo9:qP0Ieqo5bN2l3f6KgZZY+Geqo

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

bc626e7d142ebfa8ee292b355120d3e38e1ecc262713ba50d0b64fd1582aa201
.exe windows x86

4a1163d4ab434a1b04aa9d907e151cd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleFileNameA
SetFilePointer
GetTickCount
WriteFile
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
GetLastError
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
CloseHandle

user32

wsprintfA
GetMessageA
PostThreadMessageA
GetInputState

ole32

CoCreateGuid
CoInitialize
CoUninitialize

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ