gh0strat | NEAS[.]f3bc3e9684e96020f086766b4bbe5420[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f3bc3e9684e96020f086766b4bbe5420.exe
Size

504KB
MD5

f3bc3e9684e96020f086766b4bbe5420
SHA1

020af0b39022f506b4094908cbea558c8f788713
SHA256

1a2d0e98cd615f88edb0aeb188aca12b75bab954b92c9c79be800454c2953bf9
SHA512

c3f0a920ec35c332e2a2587827ffe2f9c39935574d61017ca09b29862d3ec039d7c8a3af60e15354d702841a5946b12072b65a28fc5ebe7095420952497afebc
SSDEEP

3072:DErVRw6HYXAGzQX8wSvPpDg+Gpv+AXiI7tCJoQWbLbRCMgwtlzb4guxO2fcjv4WG:DEh2/AGzBvy+GpiM14guxfW0pfyc

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f3bc3e9684e96020f086766b4bbe5420.exe

Files

NEAS.f3bc3e9684e96020f086766b4bbe5420.exe
.exe windows:4 windows x86

2374102f8bc567a0ce2647c688573c4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
RaiseException
HeapReAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapSize
GetACP
GetTimeZoneInformation
SetUnhandledExceptionFilter
IsBadWritePtr
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
WritePrivateProfileStringA
SizeofResource
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetLastError
CloseHandle
GetModuleFileNameA
GlobalAlloc
lstrcmpA
GetCurrentThread
GlobalFree
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrcpynA
GlobalLock
GlobalUnlock
MulDiv
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
lstrlenA
GetThreadLocale
HeapFree
IsBadReadPtr
VirtualProtect
SetLastError
VirtualAlloc
GetProcessHeap
HeapAlloc
VirtualFree
FreeLibrary
GetProcAddress
UnhandledExceptionFilter
LoadLibraryA

user32

CharNextA
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
IsWindowVisible
GetTopWindow
MessageBoxA
GetParent
DestroyMenu
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SendMessageA
DrawEdge
CopyRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
SystemParametersInfoA
GetWindowPlacement
IsIconic
GetSystemMetrics
DrawIcon
LoadIconA
EnableWindow
SetCursor
GetWindowRect
GetClientRect
SetCapture
GetCapture
ReleaseCapture
IsChild
ClipCursor
InvalidateRect
LoadCursorA
GetSysColorBrush
GetDesktopWindow
PtInRect
GetClassNameA
MapDialogRect
SetWindowContextHelpId
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
PostQuitMessage
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
InflateRect
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GetMenuCheckMarkDimensions
GetNextDlgTabItem
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
SetWindowsHookExA
LoadStringA
WinHelpA
EnableMenuItem
LoadBitmapA

gdi32

SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
MoveToEx
LineTo
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
PatBlt
CreateFontIndirectA
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC

comdlg32

GetFileTitleA
ChooseColorA
GetSaveFileNameA
ChooseFontA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253

oleaut32

SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
SysFreeString

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2374102f8bc567a0ce2647c688573c4e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 148KB - Virtual size: 144KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 300KB - Virtual size: 313KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 148KB - Virtual size: 144KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 300KB - Virtual size: 313KB

.rsrc
Size: 12KB - Virtual size: 11KB