gh0strat | afe7598b791cfdcc793235075982b893cc60d13890d6e6096df8ddac5690d278 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

afe7598b791cfdcc793235075982b893cc60d13890d6e6096df8ddac5690d278
Size

980KB
MD5

e5cbb70ecdc401a7849d876c73689801
SHA1

78d7fb6d53a526c54f91dabb0b01f21cd66ca0e4
SHA256

afe7598b791cfdcc793235075982b893cc60d13890d6e6096df8ddac5690d278
SHA512

c268b3f19b5e9e04f2e9536df95bd03c8f4457240523bb31fbc14c8d7acca16a07155dd09c0e1404481b6e9b2fc7a9511f48cd3d99761d1b9e33a1d0422bd759
SSDEEP

24576:5MYgdOekRZ/h83Lls30J76g5o1dmRNVJnAobjwhbZSCpS1otKR:6Lls3pON/Ao/+ZSCpS4KR

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afe7598b791cfdcc793235075982b893cc60d13890d6e6096df8ddac5690d278

Files

afe7598b791cfdcc793235075982b893cc60d13890d6e6096df8ddac5690d278
.exe windows x86

7faf0b83862feb689b86190e96b48b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 200KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 764KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ