gh0strat | 0cfa52ecabc8db5e644bf7ee4b28e6f6 | Triage

Sharing

General

Target

0cfa52ecabc8db5e644bf7ee4b28e6f6
Size

236KB
MD5

0cfa52ecabc8db5e644bf7ee4b28e6f6
SHA1

b0da2e77b0ef0312645e97bcf9c21503f383a6e8
SHA256

9fc60fdd4441c3e3cc6273f21e734a7cc64cb6da97f7cad07b0e0b9a76da4485
SHA512

c65a3b5fe723d19d4c349e16f670b30008120bdfcf4a2f60fbda445357aaf08f0f0348a3952ddabaa3595e1a1ee114d8181d91978facce43b02b7f33a588d081
SSDEEP

3072:VhwVMQgpRh5qTsqyTDW2DQ82K7+PbjyNRwQRUttK6Ubz3nYrYBBQV:02Rnh5Esjm2E+7qiYQRUvUvYrY

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cfa52ecabc8db5e644bf7ee4b28e6f6

Files

0cfa52ecabc8db5e644bf7ee4b28e6f6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

clsw141
Size: 330B - Virtual size: 330B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE