gh0strat | 02b65ac2aae7e057d509f5426d41b81fde83b58bba352e24629ca10720a70589 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02b65ac2aae7e057d509f5426d41b81fde83b58bba352e24629ca10720a70589
Size

199KB
MD5

54502ee5a4da1d9d16e08a66b19959ad
SHA1

11717dfbba09fcd092bdc57b9f1ac4ee1b864c38
SHA256

02b65ac2aae7e057d509f5426d41b81fde83b58bba352e24629ca10720a70589
SHA512

a92a77722b1103886deba1af50213474c4d9268ae1c58538222ae85ccbb839fc24b93e0a832fb324d3dbaecdee198cca2255f23d96f2b53a6d085e4b582f8165
SSDEEP

3072:CTmauvDKDNqtGnc+me4gwWf2VBEOQqFCaezYgek:CiauDiDZQecETMCGs

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02b65ac2aae7e057d509f5426d41b81fde83b58bba352e24629ca10720a70589

Files

02b65ac2aae7e057d509f5426d41b81fde83b58bba352e24629ca10720a70589
.exe windows:4 windows x86

e592f56475147a7d057512540e5bc373

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
lstrlenA
WriteFile
SetFilePointer
CreateFileA
FreeResource
GetLocalTime
GetTickCount
FindResourceA
GetProcAddress
LoadLibraryA
ExitProcess
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
ReadFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
MultiByteToWideChar
RtlUnwind
HeapFree
RaiseException
TerminateProcess
GetCurrentProcess
HeapAlloc
GetLastError
FlushFileBuffers
GetStdHandle
WideCharToMultiByte
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetStringTypeW

user32

wsprintfA

msvcrt

_onexit
__dllonexit
??2@YAPAXI@Z
_CIpow

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ