gh0strat | e4ade8ca5e13d099bd7c8739a60739dbdb5e15a6d43196b7ace84ecd2032a845 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e4ade8ca5e13d099bd7c8739a60739dbdb5e15a6d43196b7ace84ecd2032a845
Size

980KB
MD5

f0bd5326a537a388372a32a471480199
SHA1

06f320492e485e1bdff406bb411b6f41ed05f7d1
SHA256

e4ade8ca5e13d099bd7c8739a60739dbdb5e15a6d43196b7ace84ecd2032a845
SHA512

c5ac4543e8457d95ef197e7efa1eab9dc5c45603ae137b5da2a87f76012687d102ab6bc833910fe1e7019adcaacb236bfcc9242b7ae7926cba029bf9dce25054
SSDEEP

24576:EstYgdOekHx/WW/23xznF9NeMElQ33p1EWJWUJe7bmOx4hjB/E:e/WW/+znF3IQ35ilbm5/E

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e4ade8ca5e13d099bd7c8739a60739dbdb5e15a6d43196b7ace84ecd2032a845

Files

e4ade8ca5e13d099bd7c8739a60739dbdb5e15a6d43196b7ace84ecd2032a845
.exe windows x86

7faf0b83862feb689b86190e96b48b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 200KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 764KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ