gh0strat | pcap2[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pcap2.bin
Size

1.1MB
MD5

4fbb077017ae0c8294e49c87019e10ac
SHA1

e0ff11e7cad909ff13c00177d4fd1b9e6f11d6e0
SHA256

e8b009c3ff4d8342070c5c394a00d0a8c343936b11c7c1329e68302eddc909f8
SHA512

2dc8162886f8860d6badfee4e916954ad4151b7576e733342a1722fc910bc7140205b8c36aba2f670d066e63d3217fa53ffea0a527182dba2ba17ee9ddd353ce
SSDEEP

24576:ounsIn7Rac+I8Sijva1BsSx65M5WbUg/n3MtRldzFRgE:t/zRgE

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pcap2.bin

Files

pcap2.bin
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Main
ShellCode

Sections

.text
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ