gh0strat | 4df434b6485ef3e28de35b248eb7cd339c836c4b0cdeb83a720d5c854e1316bd

Sharing

Copy URL Twitter E-mail

General

Target

4df434b6485ef3e28de35b248eb7cd339c836c4b0cdeb83a720d5c854e1316bd
Size

40KB
MD5

c88be58ed4320422186a2f35582401fe
SHA1

d8c7ddf6160c65178f4509022f7b7fd6a2e9af81
SHA256

4df434b6485ef3e28de35b248eb7cd339c836c4b0cdeb83a720d5c854e1316bd
SHA512

5bd29fd57ead10f17571856666113a1cbd3b70be9e924c82d4de39de63d958d65fae9f8767d1ecbef5abba1e37bb188ad2fde03f54382065018915aa50fab4cf
SSDEEP

768:YabaSUqgaePETILW0xJnzSu2q4nhbnqv6Tc1Md7:FbacgtE+D7snxgMd7

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

4df434b6485ef3e28de35b248eb7cd339c836c4b0cdeb83a720d5c854e1316bd
.exe windows x86

216f3e7b7fd453fae9a36d867c553494

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_beginthreadex
sprintf
atoi
_except_handler3
free
realloc
malloc
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
memmove
??3@YAXPAX@Z

kernel32

GetStartupInfoA
Process32First
Process32Next
lstrcmpiA
ReleaseMutex
CreateThread
GetCurrentThreadId
ExpandEnvironmentStringsA
DeleteFileA
OpenEventA
GetLocalTime
CreateDirectoryA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
Sleep
SetEvent
InterlockedExchange
CancelIo
WriteFile
SetFilePointer
CreateFileA
GetFileSize
ReadFile
GetWindowsDirectoryA
GetFileAttributesA
CreateProcessA
lstrlenA
TerminateThread
lstrcatA
GetTickCount
GetLastError
GetCurrentProcess
HeapAlloc
GetProcessHeap
VirtualProtect
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetModuleHandleA
GlobalMemoryStatusEx
GetVersionExA
GetSystemInfo

user32

OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
OpenDesktopA
GetInputState
GetMessageA
ExitWindowsEx
wsprintfA
CloseDesktop

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA

shell32

ShellExecuteA

ws2_32

WSAIoctl
setsockopt
connect
WSACleanup
gethostbyname
socket
closesocket
recv
select
send
getsockname
gethostname
WSAStartup
htons

urlmon

URLDownloadToFileA

ole32

CoInitialize
CoCreateInstance

wininet

InternetCloseHandle

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

216f3e7b7fd453fae9a36d867c553494

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

ws2_32

urlmon

ole32

wininet

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 3KB