gh0strat | 2bbb0e1da54e0801b24ff573c92a0b36

Sharing

Copy URL Twitter E-mail

General

Target

2bbb0e1da54e0801b24ff573c92a0b36
Size

107KB
MD5

2bbb0e1da54e0801b24ff573c92a0b36
SHA1

a2a8f58c66660d3758748ab83afc24d2f91656c7
SHA256

d3a879beb51a39dbd8ac72f1a62cfb65b6537d943ce92340244ee77df9a75153
SHA512

0a6f95fd2f2773c8c7f4b15b68e9660d56f1800594c68afe8e4840f17e0e61b71b9ff60fdc07473465b2f2df62c6cf2fb57ab1de7571cc687d7772678da932e6
SSDEEP

3072://eq6y3R2OU9cYUwOpHcr4WvWxrCCsYGaZkZ5://eq6y30OUKpwOpHfJxGiGT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bbb0e1da54e0801b24ff573c92a0b36

Files

2bbb0e1da54e0801b24ff573c92a0b36
.exe windows:4 windows x86 arch:x86

5471366a6bc9341f1ec7171e5403407c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
lstrcmpiA
SetLastError
ReadFile
SetFilePointer
WideCharToMultiByte
FreeResource
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
LoadResource
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
WinExec
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
SetFileTime
SizeofResource
lstrlenA
MoveFileA
MultiByteToWideChar
GetVersion
CreateRemoteThread
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Process32First
GetProcAddress
Process32Next
CloseHandle
ExitProcess
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcpyA
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
MoveFileExA
CopyFileA
DeleteFileA
GetCurrentProcess
lstrcatA
GetLastError
GetTempPathA
GetWindowsDirectoryA
FreeLibrary
LoadLibraryA
SetUnhandledExceptionFilter

user32

wsprintfA
PostThreadMessageA
GetInputState
GetMessageA

advapi32

GetSecurityDescriptorDacl
ChangeServiceConfigA
UnlockServiceDatabase
ControlService
StartServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityA
CreateServiceA
GetUserNameA
LockServiceDatabase

msvcrt

_acmdln
_strlwr
_strnset
_except_handler3
realloc
malloc
strchr
strtok
??3@YAXPAX@Z
strncmp
strtoul
isdigit
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_stricmp
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strrev

netapi32

NetApiBufferFree
NetUserGetLocalGroups

Sections

freesoft
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5471366a6bc9341f1ec7171e5403407c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

Sections

freesoft Size: 10KB - Virtual size: 9KB

. Size: 6KB - Virtual size: 5KB

.rsrc Size: 90KB - Virtual size: 90KB

freesoft
Size: 10KB - Virtual size: 9KB

.
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 90KB - Virtual size: 90KB