gh0strat | fa92b1ba9c0523de283c9550d168f686 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa92b1ba9c0523de283c9550d168f686
Size

211KB
MD5

fa92b1ba9c0523de283c9550d168f686
SHA1

27b6e2c6245c0c999141bff67a780a9957c03c23
SHA256

e1d5ffc263fb613916c9e02be29f786eb9796fcdc24206aed07125082315906f
SHA512

a2dcb0aa5c17e574dc404d19b043caff83045141ef0217ca27058e27b1b29b2c3fd9babc66c44a5d62bee0f21626bd2f73821d8a38e4a487ff17f4f138bf2e3f
SSDEEP

3072:/IXD6tOGloVFwz8BD0cjRTyVwdUE3AZnC69NJ09sTpwsxY9xYi://lQwz8BDpWwOUA1C6rTusO9Oi

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa92b1ba9c0523de283c9550d168f686

Files

fa92b1ba9c0523de283c9550d168f686
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ