gh0strat | 34ed49df6f5c3505d791cc68cba067b9266d1611aed848622e60efc2903b68bd | Triage

Sharing

General

Target

34ed49df6f5c3505d791cc68cba067b9266d1611aed848622e60efc2903b68bd
Size

264KB
MD5

df5c329cd2f81d9dd1792585d130629e
SHA1

84c079565ddd9fb89c95a1896294df4036873ded
SHA256

34ed49df6f5c3505d791cc68cba067b9266d1611aed848622e60efc2903b68bd
SHA512

5470288c06b5ec7e77b28ed9065df0df4a1c50f8f52b9dee5a5c154cb6ea91b3124e8e201b66fb4b11be2ef23d691db8e769071abb867eb471d27d254ba98fa9
SSDEEP

6144:u+Z2pXt331J7XD+o8XGYhYIHerVgYxDpWCDsJjI4Me:u+UZtz/X82YhJeWYxDECDEIN

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34ed49df6f5c3505d791cc68cba067b9266d1611aed848622e60efc2903b68bd

Files

34ed49df6f5c3505d791cc68cba067b9266d1611aed848622e60efc2903b68bd
.exe windows:4 windows x86

4528f77b19993b636676e403f4252110

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5194
ord6407
ord1997
ord798
ord533
ord825

msvcrt

_acmdln
__getmainargs
_initterm
exit
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
__CxxFrameHandler
fopen
fclose
fscanf
remove
__setusermatherr
_itoa

kernel32

GetModuleHandleA
HeapFree
LoadLibraryA
FreeLibrary
GetCurrentThreadId
GetStartupInfoA
GetProcAddress

Exports

Exports

s_665754_134235_3563345_1231245_910384_0193848_login

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 945B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ