gh0strat | b47b40429b85c58f3bb734afd7de343b469441d84778d597b0584e640aa718fc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b47b40429b85c58f3bb734afd7de343b469441d84778d597b0584e640aa718fc
Size

992KB
MD5

db910f7197b6d54c9131f9dff613f599
SHA1

f1d807dc6a082827d308269054e56e152ef00198
SHA256

b47b40429b85c58f3bb734afd7de343b469441d84778d597b0584e640aa718fc
SHA512

b5df0095d45701641bf7484e61cba337fc183d8e5a63ac7680da9eb0cb0a1c61183dc8b6326f3ca0fc539520477308a3a63888ba5ccff6fdff680067406d2bb2
SSDEEP

24576:n6YgdOekHrjL3soZbqtXbGRxoTdkOZM/pK0CR/zBhrvKLPilqq:DTJZbAXaop9txzzJp

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b47b40429b85c58f3bb734afd7de343b469441d84778d597b0584e640aa718fc

Files

b47b40429b85c58f3bb734afd7de343b469441d84778d597b0584e640aa718fc
.exe windows x86

7faf0b83862feb689b86190e96b48b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 200KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 776KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ