gh0strat | 3eb216d2ebf01ac8023989c46ae1a77b[.]exe | Triage

Sharing

General

Target

3eb216d2ebf01ac8023989c46ae1a77b.exe
Size

185KB
MD5

3eb216d2ebf01ac8023989c46ae1a77b
SHA1

a2894b32ce95ddde399f839fbaf1a77876de321b
SHA256

3be4ec0c0b3a209f19208f2a27865a92352a4ccd69e07350cc8027a88d97ed95
SHA512

1d992be9321b13962a3077ea254a1031fbdbd5678e734c5c2ea8f5073170d961873fa6af39761435631fdff54bb0436878c287faee35e865b535d64b93e8d5ee
SSDEEP

3072:hzZFhBECT5NsBY7rhGya9wmpCs3rfbTTBftoNA5nQwbQoNsBY7rhGm:phBEClSBY/hGhWIrDTTBloNA5ngoSBYx

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3eb216d2ebf01ac8023989c46ae1a77b.exe

Files

3eb216d2ebf01ac8023989c46ae1a77b.exe
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DhcpAcquireParameters
DhcpAcquireParametersByBroadcast
DhcpCApiCleanup
DhcpCApiInitialize
DhcpDeRegisterOptions
DhcpDeRegisterParamChange
DhcpDelPersistentRequestParams
DhcpEnumClasses
DhcpFallbackRefreshParams
DhcpHandlePnPEvent
DhcpLeaseIpAddress
DhcpLeaseIpAddressEx
DhcpNotifyConfigChange
DhcpNotifyConfigChangeEx
DhcpNotifyMediaReconnected
DhcpOpenGlobalEvent
DhcpPersistentRequestParams
DhcpRegisterOptions
DhcpRegisterParamChange
DhcpReleaseIpAddressLease
DhcpReleaseIpAddressLeaseEx
DhcpReleaseParameters
DhcpRemoveDNSRegistrations
DhcpRenewIpAddressLease
DhcpRenewIpAddressLeaseEx
DhcpRequestOptions
DhcpRequestParams
DhcpStaticRefreshParams
DhcpUndoRequestParams
McastApiCleanup
McastApiStartup
McastEnumerateScopes
McastGenUID
McastReleaseAddress
McastRenewAddress

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ