gh0strat | 1a29f99c87481cfa87a7301e8c189cc7cd33e62955185f41348497a4b41432bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a29f99c87481cfa87a7301e8c189cc7cd33e62955185f41348497a4b41432bb
Size

199KB
MD5

d49e951e2af4971cfa5db8bb4050a716
SHA1

596ec99a929215c95d0d77dfaa3ecc44181d4265
SHA256

1a29f99c87481cfa87a7301e8c189cc7cd33e62955185f41348497a4b41432bb
SHA512

abdb4936eb2e8bf0d05e2e875466bb41ab435362005f21eaa613c48fe6afc82a91932c22fc0e0c6d15867bd640d078932b7f3926dcfaa8cf39e6b53b3896d523
SSDEEP

3072:5YziIJaJRqtXnc+me4gwWf2VBEOQqFCaezYg:5eiIJaJGZQecETMCG

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a29f99c87481cfa87a7301e8c189cc7cd33e62955185f41348497a4b41432bb

Files

1a29f99c87481cfa87a7301e8c189cc7cd33e62955185f41348497a4b41432bb
.exe windows x86

787bbc2cf3865af63070cd05c4a4b7b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
CloseHandle
lstrlenA
WriteFile
CreateFileA
FindResourceA
GetProcAddress
LoadLibraryA
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
MultiByteToWideChar
RtlUnwind
HeapFree
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetLastError
FlushFileBuffers
SetFilePointer
GetStdHandle
WideCharToMultiByte
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReadFile
GetCPInfo
GetStringTypeW

msvcrt

__dllonexit
??2@YAPAXI@Z
_CIpow
_onexit

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ