gh0strat | 02f7bb234682de767e5bf1e8f610fc69f2d2940ce5e00df3710fb199e6ffe87f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02f7bb234682de767e5bf1e8f610fc69f2d2940ce5e00df3710fb199e6ffe87f
Size

199KB
MD5

19fa06ef05c8fb34027cd56534ee496b
SHA1

b4fbfb0e9af09051ea5cc997874f3f62502cffac
SHA256

02f7bb234682de767e5bf1e8f610fc69f2d2940ce5e00df3710fb199e6ffe87f
SHA512

3296328203926761ec3f31d577f2f8e0b92a867f85778cb00bfb5c03c9e8a9bf1ee043c03dc176be27ef8d5833bcba87dd6c2507389a0e010d60352ccceeda14
SSDEEP

3072:8D8giKBKAzBlRJTtXnc+me4gwWf2VBEOQqFCaezYg:8YgiKBJBZQecETMCG

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02f7bb234682de767e5bf1e8f610fc69f2d2940ce5e00df3710fb199e6ffe87f

Files

02f7bb234682de767e5bf1e8f610fc69f2d2940ce5e00df3710fb199e6ffe87f
.exe windows x86

787bbc2cf3865af63070cd05c4a4b7b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
CloseHandle
lstrlenA
WriteFile
CreateFileA
FindResourceA
GetProcAddress
LoadLibraryA
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
MultiByteToWideChar
RtlUnwind
HeapFree
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetLastError
FlushFileBuffers
SetFilePointer
GetStdHandle
WideCharToMultiByte
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReadFile
GetCPInfo
GetStringTypeW

msvcrt

__dllonexit
??2@YAPAXI@Z
_CIpow
_onexit

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ