gh0strat | 9b9b182ebaae1f8234c8a2a99a7f394ac2e8daea886c160eac3a4e22aa22d090 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9b9b182ebaae1f8234c8a2a99a7f394ac2e8daea886c160eac3a4e22aa22d090
Size

1.7MB
MD5

178d4c928d39d2f877a2fdd070f2bc14
SHA1

e6ce47eef989f67c16d2845736866a3d367e2cc6
SHA256

9b9b182ebaae1f8234c8a2a99a7f394ac2e8daea886c160eac3a4e22aa22d090
SHA512

108cb5a0678e17c274b4c3aaf2baf43c3f3f8894fcf2bdbbd682e2164b5d84d2d6486a6730c8e361cf6a8977145523c39bbe7533d94595e6cccc23785085f434
SSDEEP

24576:p40JKjDUHFNvyC6X3bQm1JHiMhfLNTIUhBkC0KfCVvYo7d2aX+7r6rrlfWF8hkQO:G06kmHx4C0KqVvYalX5lfK8hk15

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b9b182ebaae1f8234c8a2a99a7f394ac2e8daea886c160eac3a4e22aa22d090

Files

9b9b182ebaae1f8234c8a2a99a7f394ac2e8daea886c160eac3a4e22aa22d090
.exe windows x86

703074f7e4b33aefff112f419dacba1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4218

msvcrt

atoi

kernel32

HeapFree

user32

ValidateRect

gdi32

SelectObject

comctl32

ImageList_AddMasked

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 704KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 1000KB - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ