gh0strat | 67a2a481825a28c7b983250d0665aa1f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67a2a481825a28c7b983250d0665aa1f
Size

315KB
MD5

67a2a481825a28c7b983250d0665aa1f
SHA1

5eecba5d17c27fa8a8a624acb9dcc063fe82a22e
SHA256

792d4822327e97ab57c91c2a2384ea7bc0e0fb672385a99f2a34ad3c41742225
SHA512

f2e2157f8f79c8c47d4996d05a13669647fe6dd8ca4cdfc12b364b0fbff4154a21c1d8d1f1a0e4462c5359faee433666d24b8cfc0767e5913f4042a62d150be9
SSDEEP

6144:TVGgdx9tSUEZuw/rGXGqoA8nT+6eyW9Qmfs:TICdSU6R/JnTFeyW97s

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67a2a481825a28c7b983250d0665aa1f

Files

67a2a481825a28c7b983250d0665aa1f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asef
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE