gh0strat | 7936264692863883cef1f53b5f31377c32f64f37674ccf2c4695bc24422832be | Triage

Sharing

General

Target

7936264692863883cef1f53b5f31377c32f64f37674ccf2c4695bc24422832be
Size

66KB
MD5

bbc20a93115c6316053607040ebe636a
SHA1

dd90a4b438ef155a01ea017574c5a85c6f8d6068
SHA256

7936264692863883cef1f53b5f31377c32f64f37674ccf2c4695bc24422832be
SHA512

7d2d33cfd1d45148ac849b698e253fa7b07f0b68130ef8d3d2c23c0f624a657107eddb9121cbdb68f988e3680042422a3e70d205cb1771a5282efde74690f8b8
SSDEEP

1536:xOwZtljUodOsVhowc5jiYKT7RumGYY8ScN32vhMP4zIlw:xxLOK5cx1KZuVYIcIvhMcW

Score

10^/10

upx gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_gh0strat

Gh0strat family
gh0strat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
7936264692863883cef1f53b5f31377c32f64f37674ccf2c4695bc24422832be
unpack001/out.upx

Files

7936264692863883cef1f53b5f31377c32f64f37674ccf2c4695bc24422832be
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ