gh0strat | 107f47eef34c95e07d3911a23ea7673e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

107f47eef34c95e07d3911a23ea7673e
Size

99KB
MD5

107f47eef34c95e07d3911a23ea7673e
SHA1

2a3105e96760030c5aa3a49c8b8528ede40a9186
SHA256

3b303c0bb11da78b63b8d09fac0a39d7ca5fffa06369b3849a4d40957de96be3
SHA512

0fc18ee1abf938b645f5ea015cb107a333adf8815d93a86354505322970fcc4488ded592fbf1b4447fa663150b030d72ed462e80baed9ba00a84ea0e672b2e20
SSDEEP

3072:YziFQrjhLjCUBalEcFsK8ImTw3Uk6l6xd:AiKrjZhIEcQDw3T6lA

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
107f47eef34c95e07d3911a23ea7673e

Files

107f47eef34c95e07d3911a23ea7673e
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AntiVirus
FootBall
SSDTReSet
ServiceMain
Windows

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ