gh0strat | 2024-55-0x0000000010000000-0x0000000010010000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

2024-55-0x0000000010000000-0x0000000010010000-memory.dmp
Size

64KB
MD5

a8e0625841733961e3a88a996176b633
SHA1

fa67d717f1f9318d4445e3d603937046312b5b7d
SHA256

083971b305ec0083acec9f3e9247a4529c6f4639c8d53ba380ff7bdc0125fb17
SHA512

e672829c53143001bfabbf8e21e174aa89fd727998c0d64934dfc8e12b3ff57cff880f7af5a380448a7c048b92f1674a437e5b001e31000ec918a192e475a0d3
SSDEEP

1536:bicV9vfa4gmiD7KKb+qqnu3C+ykqz5K28:LfakiD7xb+qqnuy+yn5K1

Score

10^/10

gh0strat

Malware Config

Extracted

Family

gh0strat

30.cmananan.com

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

2024-55-0x0000000010000000-0x0000000010010000-memory.dmp
.dll windows x86

55cc24a9cf98c16eeef7d7030b8008b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
CreateProcessA
ExpandEnvironmentStringsA
lstrcpyA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
ExitProcess
GetModuleFileNameA
Process32Next
TerminateProcess
OpenProcess
Process32First
TerminateThread
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
DeleteFileA
GetTickCount
LocalSize
LocalAlloc
CreateThread
GetComputerNameA
GetDiskFreeSpaceExA
GetLocalTime
GlobalMemoryStatusEx
ReadFile
HeapAlloc
GetProcessHeap
VirtualProtect
HeapFree
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemInfo
lstrcmpiA
LoadLibraryW
WinExec
GetFileAttributesA
CreateDirectoryA
ReleaseMutex
CreateMutexA
MoveFileExA
MoveFileA
SetFileAttributesA
CopyFileA
GetCurrentThreadId
OutputDebugStringA
GetSystemDirectoryA
GetFileSize
SetFilePointer
lstrlenA
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GlobalAlloc
GetLastError
LocalFree
SetLastError
CreateFileA
DeviceIoControl
WriteFile
CloseHandle
Sleep
GetVersion
GetCurrentProcess
FindFirstFileA
FindNextFileA
GlobalLock
GlobalUnlock
VirtualAlloc
GetDriveTypeA
VirtualFree

user32

OpenClipboard
SetClipboardData
EmptyClipboard
wsprintfA
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
GetClipboardData
CloseClipboard
ExitWindowsEx
IsWindowVisible
GetInputState
PostThreadMessageA
GetMessageA
GetLastInputInfo
GetSystemMetrics
EnumWindows
SendMessageA
MessageBoxA

advapi32

ClearEventLogA
CloseEventLog
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
DeleteService
OpenServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegOpenKeyExA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerA
RegSetValueExA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
OpenEventLogA

shell32

SHChangeNotify
SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoInitialize
CoCreateGuid
CoUninitialize

ws2_32

recv
getsockname
send
WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
select
gethostname
closesocket

msvcrt

??1type_info@@UAE@XZ
_initterm
_beginthreadex
_except_handler3
strncmp
_adjust_fdiv
_strcmpi
_strupr
_stricmp
_snprintf
strcspn
strncpy
atoi
_access
strrchr
malloc
free
realloc
sprintf
strstr
_CxxThrowException
??2@YAPAXI@Z
exit
__CxxFrameHandler
_ftol
??3@YAXPAX@Z

setupapi

SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

iphlpapi

GetIfTable

urlmon

URLDownloadToFileA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

fuckyou
fuckyou1

Sections

.text
Size: 36KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 256.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

55cc24a9cf98c16eeef7d7030b8008b1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

msvcrt

setupapi

iphlpapi

urlmon

wtsapi32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 256.0MB

.rdata Size: 8KB - Virtual size: 256.0MB

.data Size: 8KB - Virtual size: 256.0MB

.reloc Size: 4KB - Virtual size: 256.1MB

.text
Size: 36KB - Virtual size: 256.0MB

.rdata
Size: 8KB - Virtual size: 256.0MB

.data
Size: 8KB - Virtual size: 256.0MB

.reloc
Size: 4KB - Virtual size: 256.1MB