gh0strat | cafc5dfcbe8e72afd3a972d88a88e1f76a5d1c06a15773561f97ad5364ecab9e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cafc5dfcbe8e72afd3a972d88a88e1f76a5d1c06a15773561f97ad5364ecab9e
Size

155KB
MD5

5859582e88df6bf048bd5137e02b4d27
SHA1

b6609b280d4f85819072f9c9bd484a837d7bdf4a
SHA256

cafc5dfcbe8e72afd3a972d88a88e1f76a5d1c06a15773561f97ad5364ecab9e
SHA512

32eb788e983e94b190c7207e74f47d394feb565e88825b948113e89f0660958d43fc7f043a0101caffe1ee567ab0fa8d7ca9dc6a06ccf3692e642498ff6985f8
SSDEEP

3072:4ORtKm6tPvjUosLefKycXI/vthPscTBftp5+nVP3I:xRz6t1sLeCDI//PscTBlpUnN3I

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

cafc5dfcbe8e72afd3a972d88a88e1f76a5d1c06a15773561f97ad5364ecab9e
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetResourceInformation
ServiceMain

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE