gh0strat | 21d97a6e658302fe2cfd19e1a2c24758 | Triage

Sharing

General

Target

21d97a6e658302fe2cfd19e1a2c24758
Size

113KB
MD5

21d97a6e658302fe2cfd19e1a2c24758
SHA1

ab4422452e70b5e5851f16d056beae1c6075b013
SHA256

e8971d62ba8591967bdd517417d561b9a5432dc8063464e53d57bc016a2ac6a0
SHA512

df7043fc33629c047861679cfbcb988f3df5190b89ca03eee654be16cde75bb1738d7442eb8d1374aa972adfb5b003f9d6aa26d9f5b9b435fe2dcd75d1b45a1f
SSDEEP

3072:lc1J/SyG8/qD0QLcvlyocKVy8i+q+PTw3UrA64MLp:e3SyGJD0ZPLy6jbw38A6Hd

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21d97a6e658302fe2cfd19e1a2c24758

Files

21d97a6e658302fe2cfd19e1a2c24758
.exe windows:4 windows x86 arch:x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tienjiu
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Silvana
Size: 197B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE