gh0strat | 41759ab5722afc8594c29531a9daf75d5135026fff9d6c53edf060efd85ecbe0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41759ab5722afc8594c29531a9daf75d5135026fff9d6c53edf060efd85ecbe0
Size

1.7MB
MD5

e331e2c82a1ac0d3d8a2db59bab3eddb
SHA1

d84dad60f96c6327045880e18907262a05176aa7
SHA256

41759ab5722afc8594c29531a9daf75d5135026fff9d6c53edf060efd85ecbe0
SHA512

f5f21ad0f93bb1c1bfa09a4e75502d664c0a72b5591671907a5441b2917a77a7f80f81ffd323e0b2cc8bc859059216298586a3a4d959833e8e5898138fb42e2c
SSDEEP

24576:26QGtH9cPNI6dzOf2aGGmSicHG0jmBW/AkyQfXphur6CHmsHElUjrZoRTTaalTbS:eSBVlgUq6CHmRC+ful

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41759ab5722afc8594c29531a9daf75d5135026fff9d6c53edf060efd85ecbe0

Files

41759ab5722afc8594c29531a9daf75d5135026fff9d6c53edf060efd85ecbe0
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 76KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 532KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 80KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 176KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE