gh0strat | 612dd6a2ae9151fa414007ed742c562d130d2706313c351667b0012cf41b040c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

612dd6a2ae9151fa414007ed742c562d130d2706313c351667b0012cf41b040c
Size

196KB
MD5

be40b6bee8426e95b8d8d5952ddd3de0
SHA1

847d28719d433673b6943b8759507717bea6c377
SHA256

612dd6a2ae9151fa414007ed742c562d130d2706313c351667b0012cf41b040c
SHA512

2cf59c050efdaa10d9520a163282fe70cc3585386759dd2747697a53986be273c58030b3609ccdb8e88207406818e2883bdca569890a6e7954d071aea4e05cb5
SSDEEP

768:srA1m7tDiRAWZGHBJo6Mk5mptUbSxP+VpVOeP:sbBiRAWv6TYtUb3Vpc+

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
612dd6a2ae9151fa414007ed742c562d130d2706313c351667b0012cf41b040c

Files

612dd6a2ae9151fa414007ed742c562d130d2706313c351667b0012cf41b040c
.exe windows:4 windows x86

13ab381dacef214bd7c905ade17ea0aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
CloseHandle
lstrlenA
WriteFile
CreateFileA
FindResourceA
GetProcAddress
LoadLibraryA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetOEMCP
GetACP
GetCPInfo
ReadFile
MultiByteToWideChar
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetLastError
FlushFileBuffers
SetFilePointer
GetStdHandle
WideCharToMultiByte
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
GetStringTypeW

msvcrt

??1type_info@@UAE@XZ
??3@YAXPAX@Z
_onexit
__dllonexit
_CxxThrowException
_CIpow
__CxxFrameHandler
??2@YAPAXI@Z

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ