gh0strat | 9a790a6d565a2577f5cbf3909704611edeb4be96fa8ced66235caf3ab5f776a6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9a790a6d565a2577f5cbf3909704611edeb4be96fa8ced66235caf3ab5f776a6
Size

3.5MB
MD5

2a8960b86caa438a689d71819330de57
SHA1

ae0f5f10a1c658f4cafa4f3b5d35c7ac751ed2e8
SHA256

9a790a6d565a2577f5cbf3909704611edeb4be96fa8ced66235caf3ab5f776a6
SHA512

2a02f5a2b327284b125138b149c4ec2e908a63f27a4367d45d8362cbd7c678a00b1a40a0f4ab2345ad0085f8fc1745153734d1958f440b42acd4a71b5def4a66
SSDEEP

49152:jqK4Mh/0jYcIA50Z52YZeYZeYZeYZeGrsYzIT0zxZq:w2/0jYcIe0TQYzO

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a790a6d565a2577f5cbf3909704611edeb4be96fa8ced66235caf3ab5f776a6

Files

9a790a6d565a2577f5cbf3909704611edeb4be96fa8ced66235caf3ab5f776a6
.exe windows x86

161add2894956006c1a4c9640b08413d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32 kernel32

CreateRectRgnIndirect �`

Sections

.text
Size: 2.8MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rsxx
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rsxx
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

rsxx
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

rsxx
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ