gh0strat | 3d6fc08f848ff5e3a389c40354be952f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d6fc08f848ff5e3a389c40354be952f
Size

207KB
MD5

3d6fc08f848ff5e3a389c40354be952f
SHA1

6813a41f96c28e39228141fb1275145aa54b217e
SHA256

e88965fa523a3738b1307825cfcacfd1e3c2da6356cc75d81cc3916a064cacde
SHA512

db1bbc2357a3153f9b3044ca93f697cf516e4a03bbcdffa19f27261a661256dbe927ccf2bd832ff03d4a08ba7901f30f74aaaa754f6e7dd98789c269a8886e40
SSDEEP

6144:xsIt0nW8QfBTyPRqyhYPbXcTBlhHrrndnEv0h:OfW8ZJq8YPbXcT3y+

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d6fc08f848ff5e3a389c40354be952f

Files

3d6fc08f848ff5e3a389c40354be952f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kkkk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE