gh0strat | 37205131964036ead4dd7298a698ed4d78abcbb37e2b89c68baffd764bfd1472 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37205131964036ead4dd7298a698ed4d78abcbb37e2b89c68baffd764bfd1472
Size

960KB
MD5

c3ec7a91b77777a6d4e0db7f85f82543
SHA1

c336b6217e350e9cec9088549cdc268e5aaddff3
SHA256

37205131964036ead4dd7298a698ed4d78abcbb37e2b89c68baffd764bfd1472
SHA512

3befef386f98031abcdd52a76bca61c3e58ba51167c60e8d4203fca73f857026bedbd38c5ba1392f26c1bc3f1607e3ea923706924b8c394e6a80c0dcc8107b68
SSDEEP

24576:j+i1zps2YhqDEAK3G26uXPAELc7qGOQ58Lz2j29yIVyv/Se++:jd1eYDPjPufGpOQ5mijfIQvT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37205131964036ead4dd7298a698ed4d78abcbb37e2b89c68baffd764bfd1472

Files

37205131964036ead4dd7298a698ed4d78abcbb37e2b89c68baffd764bfd1472
.exe windows x86

92ebf9fc2ff4c6bd4f461499ca62583a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5194

msvcrt

_acmdln

kernel32

GetModuleHandleA

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Exports

Exports

s_665754_134235_3563345_1231245_910384_0193848_login

Sections

.text
Size: 176KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ