gh0strat | 670c84b9fa847bcbf7df0e47a3fbf523 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

670c84b9fa847bcbf7df0e47a3fbf523
Size

148KB
MD5

670c84b9fa847bcbf7df0e47a3fbf523
SHA1

653e55597bb214ba02c1c051e6f26c10e3a98ed6
SHA256

56bfe6c300f684f5b1f74e64bfd0d94ea5f73887d44c6f32c0aa0a034e8ad5c5
SHA512

767803e985e5c254129440f80d028d424ec43beac00cf435b0ec921c3449ffe3e9b345dea478ea70874f79040722f4800e024d832ceea20392a621bcb9ceb095
SSDEEP

3072:nYcu+Q6HplJBb/+Grd83mgVKh6WGrE4mzfOv9lH5AN+M:YcustBDzG3mgVajGrCDOzHBM

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
670c84b9fa847bcbf7df0e47a3fbf523

Files

670c84b9fa847bcbf7df0e47a3fbf523
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE