gh0strat | 9a0b61974bc3487e1894aa37b8da275a | Triage

Sharing

General

Target

9a0b61974bc3487e1894aa37b8da275a
Size

16KB
MD5

9a0b61974bc3487e1894aa37b8da275a
SHA1

41e17bd52167a585075e17f76d3d2af787aa7cda
SHA256

e7d4cb09b03451eadc9423abe79f89e1cc1161d15dc69afa27ca2d9b691720f9
SHA512

10b3bf0281d1de64ecb0998df391d5cba74e69c735cc5aff9f77a54e4b82c0356751876a71a7e38385a5a25b33f8dbecb2590d693ea23af1d202ff594586f987
SSDEEP

192:TdhV8MlhQjP1oynr8OBWbQEgkL33hn/fuRMOGPi9os6aQbX4RJoxZa52F:ZH8MLQr1Fw8EgY3hHukiis6to6j+m

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a0b61974bc3487e1894aa37b8da275a

Files

9a0b61974bc3487e1894aa37b8da275a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE