gh0strat | 068af221b685ef4ef12de9a6bd8aad83 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

068af221b685ef4ef12de9a6bd8aad83
Size

154KB
MD5

068af221b685ef4ef12de9a6bd8aad83
SHA1

1a542440e8273262dcfbe5c7533ecb9abe388c41
SHA256

666ddbab2106a70c49a7364b7e2f15b11bdd2869e94801781d2516ca822e76b6
SHA512

7fa2fe7b66a33c10084b518847d34a0d260d892c2ec7d07fd63383c94741d80823ac09993d7018000827730a7b479489e1c456f2ca6a64c554ec5f7b43caedce
SSDEEP

3072:yg1K4+O9N/xSBdu4Z41gF0Cy8Dm8ygskIL1Vx:yWKccu4ZA2Q8S3FkIp

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
068af221b685ef4ef12de9a6bd8aad83

Files

068af221b685ef4ef12de9a6bd8aad83
.exe windows:4 windows x86 arch:x86

baf3784d9658c0d2cf84c6d520f1d91c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FreeResource
Sleep
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
WaitForSingleObject
CreateEventA
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetTickCount
WinExec
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_exit
srand
rand
sprintf
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ