gh0strat | a89c0db8985f80f1a9c88d4637e0ffe5ef0c6897796ffa73365e9faf793478e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a89c0db8985f80f1a9c88d4637e0ffe5ef0c6897796ffa73365e9faf793478e7
Size

980KB
MD5

c3207a34105c0c079a4b168313b4f4eb
SHA1

b83da0a582e20e100688f801911e7e5fff89861f
SHA256

a89c0db8985f80f1a9c88d4637e0ffe5ef0c6897796ffa73365e9faf793478e7
SHA512

5baf69e95bfca2895cf4cccc2be3b1f33d3265cb93637ab665f09c633428a30f6169011d7bd419ece0eec271d7c8bbc8ab7c2cecb6ab04f4a520d3b11267ec07
SSDEEP

24576:EsdYgdOekpx/aW/233znF9NeMElQ33p1EWJWUJe7bmOx4hjBGE:4/aW/YznF3IQ35ilbm5GE

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a89c0db8985f80f1a9c88d4637e0ffe5ef0c6897796ffa73365e9faf793478e7

Files

a89c0db8985f80f1a9c88d4637e0ffe5ef0c6897796ffa73365e9faf793478e7
.exe windows x86

7faf0b83862feb689b86190e96b48b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 200KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 764KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ