gh0strat | d909b8896f4e290626e90134f3122a54dbb98c5abecf760c00292c87b198a4a8 | Triage

Sharing

General

Target

d909b8896f4e290626e90134f3122a54dbb98c5abecf760c00292c87b198a4a8
Size

196KB
MD5

5d68d359d46b1011e8cb488884e3f0b1
SHA1

f98a13d9d7c149b5a3ecd356cdef2d0d5c3aa882
SHA256

d909b8896f4e290626e90134f3122a54dbb98c5abecf760c00292c87b198a4a8
SHA512

4568dfa552c28413ffcdc160dfaf287aab478bca5673e959dd74bd8962054f4164e60ac14135f25cdc3cfaf69a89abedc686c83270ba9e25b4ae6714f37a5e9f
SSDEEP

768:RrA1m7tDiRAWZGHBJo6Mk5mptUbSxP+VpVOeP:RbBiRAWv6TYtUb3Vpc+

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d909b8896f4e290626e90134f3122a54dbb98c5abecf760c00292c87b198a4a8

Files

d909b8896f4e290626e90134f3122a54dbb98c5abecf760c00292c87b198a4a8
.exe windows:4 windows x86

13ab381dacef214bd7c905ade17ea0aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
CloseHandle
lstrlenA
WriteFile
CreateFileA
FindResourceA
GetProcAddress
LoadLibraryA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetOEMCP
GetACP
GetCPInfo
ReadFile
MultiByteToWideChar
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetLastError
FlushFileBuffers
SetFilePointer
GetStdHandle
WideCharToMultiByte
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
GetStringTypeW

msvcrt

??1type_info@@UAE@XZ
??3@YAXPAX@Z
_onexit
__dllonexit
_CxxThrowException
_CIpow
__CxxFrameHandler
??2@YAPAXI@Z

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ