gh0strat | 41b3f3238ed87a35ea06e99b8ca9d58a | Triage

Sharing

General

Target

41b3f3238ed87a35ea06e99b8ca9d58a
Size

155KB
MD5

41b3f3238ed87a35ea06e99b8ca9d58a
SHA1

ac7ad3508f04530769cd52d7a723bb067dd8c203
SHA256

758d6af1bc6a7c011e5a8edf2c5cc3e20749324afe62a69faff2c92372b478de
SHA512

4b3111db61bad7dcbf5531dc091d2e924547c42cccb085e4a60e0f4d482af1d10f7c6ae4064f3660da4f37383665577855d172eb2fd08a37eebf3a7932b1ee01
SSDEEP

3072:5nzK5S9ERdbsJd84Qc/whoGmip8ntWkgnG7CudC:5qsJeb1m2kwkgGmK

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41b3f3238ed87a35ea06e99b8ca9d58a

Files

41b3f3238ed87a35ea06e99b8ca9d58a
.exe windows:4 windows x86 arch:x86

baf3784d9658c0d2cf84c6d520f1d91c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FreeResource
Sleep
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
WaitForSingleObject
CreateEventA
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetTickCount
WinExec
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_exit
srand
rand
sprintf
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ