Behavioral task: behavioral1
Sample: ffada10b70ed8622992a64a75348288a04e86fbeb3f2cd8eeae6fc9f3c0155b7.exe
Resource: win7-20230831-en
General
Target: ffada10b70ed8622992a64a75348288a04e86fbeb3f2cd8eeae6fc9f3c0155b7
Size: 196KB
MD5: d828028c877ac7a0f819142357f89702
SHA1: e2be75808841011b24e18efcd2faa709b41163a3
SHA256: ffada10b70ed8622992a64a75348288a04e86fbeb3f2cd8eeae6fc9f3c0155b7
SHA512: 1baab55d0528e91f81f8717066b73e653fb9302970bced6970a4d831e4e832c3792913c3971558dea138026b2ea6090d8cbbd0f80bc390d08b12816f87588046
SSDEEP: 1536:EbBiRAWv6TYtUb3Vpc+Ueb1al9Olel3QjJ:EbBiSTYtonc+me
Malware Config
Signatures
Gh0st RAT payload (1 IoC)
  resource: sample, yara_rule: family_gh0strat
Gh0strat family
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: ffada10b70ed8622992a64a75348288a04e86fbeb3f2cd8eeae6fc9f3c0155b7
Files
ffada10b70ed8622992a64a75348288a04e86fbeb3f2cd8eeae6fc9f3c0155b7.exe windows:4 windows x86
13ab381dacef214bd7c905ade17ea0aa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeResource
CloseHandle
lstrlenA
WriteFile
CreateFileA
FindResourceA
GetProcAddress
LoadLibraryA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetOEMCP
GetACP
GetCPInfo
ReadFile
MultiByteToWideChar
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetLastError
FlushFileBuffers
SetFilePointer
GetStdHandle
WideCharToMultiByte
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
GetStringTypeW
msvcrt
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_onexit
__dllonexit
_CxxThrowException
_CIpow
__CxxFrameHandler
??2@YAPAXI@Z
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 512B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 142KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
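The file characteristics, the section table and the Unsigned PE verdict above can all be reproduced from the PE headers alone. The following is an added example written for this page, not the sandbox's own detection code: it walks the DOS, COFF, optional and section headers with only the standard library, reads the security data directory (the Authenticode certificate table) to decide whether a signature blob is present, and runs a handful of static checks. The input is a header-only PE32 image constructed here to mirror the section layout reported above; the real sample is not embedded. The `triage` heuristics (RWX section, resource-heavy file, resource-drop and runtime-resolution import combinations) are assumptions of this example, not rules taken from the report.

```python
import struct

# Constants from the PE/COFF spec, limited to the bits this report surfaces.
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Walk DOS -> COFF -> optional header -> section table; no third-party deps."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at +96 for PE32 (magic 0x10B) and +112 for PE32+ (0x20B);
    # NumberOfRvaAndSizes is the dword right before them.
    dir_base = opt + (96 if magic == 0x10B else 112)
    ndirs = struct.unpack_from("<I", data, dir_base - 4)[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, sec_size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": flag_names(schars, SECTION_CHARACTERISTICS)})
    return {"machine": {0x014C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
            "file_flags": flag_names(chars, FILE_CHARACTERISTICS),
            # Non-empty certificate table only means a signature blob is present;
            # validity still has to be verified separately.
            "authenticode": sec_size > 0,
            "sections": sections}


def triage(pe, imports=()):
    """Static findings as plain strings (heuristics assumed for this example)."""
    findings = []
    if not pe["authenticode"]:
        findings.append("Unsigned PE: security directory is empty")
    for s in pe["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            findings.append(f"{s['name']}: writable and executable section")
    total = sum(s["raw_size"] for s in pe["sections"]) or 1
    rsrc = next((s for s in pe["sections"] if s["name"] == ".rsrc"), None)
    if rsrc and rsrc["raw_size"] * 2 > total:
        findings.append(".rsrc: resources are more than half the file (embedded payload?)")
    names = set(imports)
    if {"FindResourceA", "CreateFileA", "WriteFile"} <= names:
        findings.append("imports: FindResource + CreateFile + WriteFile (resource drop pattern)")
    if {"LoadLibraryA", "GetProcAddress"} <= names:
        findings.append("imports: LoadLibrary + GetProcAddress (runtime API resolution)")
    return findings


def build_sample_pe(signed=False):
    """Header-only PE32 mirroring the report's layout. Constructed test data,
    not the real sample: section bodies are omitted and RVAs are placeholders."""
    sections = [  # (name, VirtualSize, SizeOfRawData, Characteristics)
        (b".text", 51 * 1024, 52 * 1024, 0x20 | 0x20000000 | 0x40000000 | 0x80000000),
        (b".sxdata", 124, 512, 0x40 | 0x40000000 | 0x80000000),
        (b".rsrc", 142 * 1024, 142 * 1024, 0x40 | 0x40000000),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 224, 0x010F)
    opt = bytearray(224)                                        # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    if signed:  # fake certificate-table entry to flip the "unsigned" verdict
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x30000, 0x1000)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000 * (i + 1), rs, 0, 0, 0, 0, 0, ch)
                    for i, (n, vs, rs, ch) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs
```

`authenticode` reports only that the certificate table is non-empty; a present signature can still be invalid, expired or untrusted, so a real pipeline verifies it with signtool or Get-AuthenticodeSignature before treating "signed" as a benign indicator. The import heuristic is prompted by the kernel32 list above (FindResourceA, CreateFileA, WriteFile, LoadLibraryA, GetProcAddress): that combination is consistent with writing an embedded resource to disk and resolving further APIs at runtime, but benign installers import the same set, so it is a pivot for analysis rather than a verdict.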