gh0strat | 8f25a3fe9f1ecb3424be51b552898d65 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8f25a3fe9f1ecb3424be51b552898d65
Size

101KB
MD5

8f25a3fe9f1ecb3424be51b552898d65
SHA1

cb1635ad4efdca3c6c3a4dddf161aea156d2c642
SHA256

88df0cba6cd3043ed2c8a44a491a80896c4bc3c815352050fbb46640f8573183
SHA512

061ca0ab7c15df5bb85df55c4ca1ffde0d3a8f908bef941075180757762ff8cb1a1797d0eacef4e4d596c3dd20ef4b5a9c43a5e677583a2f35b6b9ebce389cb3
SSDEEP

1536:0NC+oAMGCgq5WNFk4BU7c9OMfc7KprGD3c/z3WgngyDl:EbMGCgY6k4BU7SOuc7K4Lc/z3W+gyDl

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f25a3fe9f1ecb3424be51b552898d65

Files

8f25a3fe9f1ecb3424be51b552898d65
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

LetMeSee
SETUP
ServiceMain

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ