gh0strat | 1b67eb60cfc2594951c1c5d1622a0583a5de16dd40fe7ae528c2ee7a524ccb48 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b67eb60cfc2594951c1c5d1622a0583a5de16dd40fe7ae528c2ee7a524ccb48
Size

1004KB
MD5

1fa7165258ff04d9c1e4f4e738ee191c
SHA1

43edd13a12a0f92bace8944440be4c8ea98302a9
SHA256

1b67eb60cfc2594951c1c5d1622a0583a5de16dd40fe7ae528c2ee7a524ccb48
SHA512

f9d5db25e61f4f59f67341aa7b45d84fbdf893e0fd339056a26b7f1353a87a59682408ff942d8ce1a8ed5e79b79ae39b1425191d940d06f3762b4f6ddb875314
SSDEEP

24576:WPYgdOekOEm1NA5iOrYYNZ2avOjLdZQWk5TN0c:A1N2kYYZG2c

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b67eb60cfc2594951c1c5d1622a0583a5de16dd40fe7ae528c2ee7a524ccb48

Files

1b67eb60cfc2594951c1c5d1622a0583a5de16dd40fe7ae528c2ee7a524ccb48
.exe windows x86

7faf0b83862feb689b86190e96b48b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 200KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 788KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ