gh0strat | a29096075c295ac142d383da5e1b16488f264d2aca7cb511b65b0d5f5f7ccc34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a29096075c295ac142d383da5e1b16488f264d2aca7cb511b65b0d5f5f7ccc34
Size

1.1MB
MD5

e5fb0f71aee13df31e9b2d4d1227e591
SHA1

a483ce226ba2176f4d060c888b2ccdac4e509642
SHA256

a29096075c295ac142d383da5e1b16488f264d2aca7cb511b65b0d5f5f7ccc34
SHA512

0b52e836c99af870aedb9e144e91c40510bb56be2adb9de66ed128a1a58000fef44366252b7719ec67188e5ebf9faa292832c61f5158efd2112a1d553d148a35
SSDEEP

24576:YEYgdOek7wwkx0EKejDFmbn2rnHMC6YCX+E6bl4d7t4wdwBk:aCjDFmasC6Ys+rl45pgk

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a29096075c295ac142d383da5e1b16488f264d2aca7cb511b65b0d5f5f7ccc34

Files

a29096075c295ac142d383da5e1b16488f264d2aca7cb511b65b0d5f5f7ccc34
.exe windows x86

7faf0b83862feb689b86190e96b48b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 300KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ