General
-
Target
1336-61-0x0000000010000000-0x0000000010079000-memory.dmp
-
Size
484KB
-
MD5
b6b738628fde4e48e3c0576342e79fd2
-
SHA1
f893b640c2e53741ead5a59681dc2cdf71f1be80
-
SHA256
e595f9ff038332868902bcce95aa44b134c07a3ab6cb500ff4dfac4f00d4abf8
-
SHA512
8a9a3cc9ee9e76778a51d5f10559ff97b63f9e9284c76ef3de367be819d2c6b55ade430ee0be8ede75cb1c88a390cd94aaaf83788c76d2e760707cbcd0b92448
-
SSDEEP
12288:tF284tTmhZaNcktl+YB/6Yas7ebgP26URczEp/:tF2DtTyZC+YB/PaBbg+6a
Score
10/10
Malware Config
Extracted
Family
gh0strat
C2
192.168.1.101
Signatures
-
Gh0st RAT payload 1 IoCs
-
Gh0strat family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1336-61-0x0000000010000000-0x0000000010079000-memory.dmp
Headers
Sections