gh0strat | 6643b2cad30c5b213613ce6cdbfc71dfd4cb0d50b16b05345c70dbc1d6b25885

Sharing

Copy URL Twitter E-mail

General

Target

6643b2cad30c5b213613ce6cdbfc71dfd4cb0d50b16b05345c70dbc1d6b25885
Size

2.9MB
MD5

d55f23b000e4af151ff999b45bcce144
SHA1

c46e4014384621196b7dc85430f07165c53feef4
SHA256

6643b2cad30c5b213613ce6cdbfc71dfd4cb0d50b16b05345c70dbc1d6b25885
SHA512

3cc0c3cb46db21edd65e1935099266b3d2622cd6364dc973cf32776e47999908b2ae3544a2a2164db7da851dbd475fda6ac305adca9ac8b87a3a0fddeb17cc92
SSDEEP

49152:sZ6cUuwqhfJcqVEAr0yhxsZ9etN/I84lPEpEPy3AMJv/BajXYT44sH:sYcdH/hVEm/sZWwFPy31N/iYT5sH

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6643b2cad30c5b213613ce6cdbfc71dfd4cb0d50b16b05345c70dbc1d6b25885

Files

6643b2cad30c5b213613ce6cdbfc71dfd4cb0d50b16b05345c70dbc1d6b25885
.exe windows:5 windows x86

8e7f0888ab21538af6d45a4abddc21ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree

user32

DestroyWindow

gdi32

DeleteObject

psapi

GetModuleFileNameExW

imagehlp

CheckSumMappedFile

comctl32

InitCommonControlsEx

iphlpapi

GetAdaptersInfo

advapi32

RegOpenKeyExA

msvcrt

malloc

Sections

.text
Size: 1.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

SE
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

SE
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SE
Size: 4KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e7f0888ab21538af6d45a4abddc21ca

Headers

File Characteristics

Imports

kernel32

user32

gdi32

psapi

imagehlp

comctl32

iphlpapi

advapi32

msvcrt

Sections

.text Size: 1.6MB - Virtual size: 2.6MB

SE Size: 364KB - Virtual size: 364KB

SE Size: 16KB - Virtual size: 16KB

SE Size: 4KB - Virtual size: 100KB

SE Size: 4KB - Virtual size: 4KB

.sedata Size: 864KB - Virtual size: 864KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 100KB - Virtual size: 100KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 1.6MB - Virtual size: 2.6MB

SE
Size: 364KB - Virtual size: 364KB

SE
Size: 16KB - Virtual size: 16KB

SE
Size: 4KB - Virtual size: 100KB

SE
Size: 4KB - Virtual size: 4KB

.sedata
Size: 864KB - Virtual size: 864KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 100KB - Virtual size: 100KB

.sedata
Size: 4KB - Virtual size: 4KB