gh0strat | 3690cdd0023b9806bb5b21caddd56d47 | Triage

Sharing

General

Target

3690cdd0023b9806bb5b21caddd56d47
Size

428KB
MD5

3690cdd0023b9806bb5b21caddd56d47
SHA1

970bcaf72f98e37650753e6be305d0cf4e52ec0c
SHA256

a7883c61934046e14c68b6c7f3fc5dc9e654c34d44d0d514b6d0a40911c074ec
SHA512

9380eb7ece94c697e036d8f0a3e80ef8e4552fc33ebdb7a670ddeaf444d1e1146434153acae69e2f85b12d57fb4a5d03e6b607e5102da7cfdfb1b68b12dc3f94
SSDEEP

6144:hkjdEWS2rmYsEtLAOTF2idZecnl20lHRxp3gqIfQzV62zaB4yPMytL69G:ujdY2lF3Z4mxxdp6264tk

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3690cdd0023b9806bb5b21caddd56d47

Files

3690cdd0023b9806bb5b21caddd56d47
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 322KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xcvxc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE