gh0strat | 398e50341ee0dbc1c53963ac62eee59a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

398e50341ee0dbc1c53963ac62eee59a
Size

153KB
MD5

398e50341ee0dbc1c53963ac62eee59a
SHA1

09d30536e957dfbac2e9a6eb2a9b411fb2fc69a3
SHA256

6121693985995353a68f5e6486663c6ba8218e2c85c84eedefc9635c4b59e646
SHA512

8e11d4c9e1e79b2578744e7991fbd88ad3a3a2765eca84b46c80dbf0ff058eb5516343da01d1d9d891a748edf43042a6e8c368d95818f5b1caa997349d4d0ce1
SSDEEP

3072:7j+RRHMqc8LNEXlcxdJBAJ6da+ORPsRG9rlav9qxDYn:7iRGKXrcV9Bkq6

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
398e50341ee0dbc1c53963ac62eee59a

Files

398e50341ee0dbc1c53963ac62eee59a
.exe windows:4 windows x86 arch:x86

7ebe15c5f433bdbc0f6ba65218a5270a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
WinExec
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__getmainargs
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_XcptFilter
_exit
srand
rand
sprintf
__p__commode

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ