gh0strat | 9baa13d9ef280b72b70937793dc80731 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9baa13d9ef280b72b70937793dc80731
Size

307KB
MD5

9baa13d9ef280b72b70937793dc80731
SHA1

bf47403911a9466721da2c32df81e52cbf3b807e
SHA256

f26b8ac964e46a2943032f30c823131070158b4cd0bb8afa626d4801bc246b88
SHA512

e5a192dc5b67c2db5995920f1d5ac983af85272cf6f6789b4a6b7234dba68ea9271c3e6d3df4584491ea37aa7491576b7989762ee6da49e370344a181ce33121
SSDEEP

6144:5JVGpxx9b0BZuwqLGxZyMb1ki0gsnOubRDgkeyuJZE92U8/U67v0WhX:5JI3L0rMqYMbqi0vfR8keJMup0WhX

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9baa13d9ef280b72b70937793dc80731

Files

9baa13d9ef280b72b70937793dc80731
.dll windows:0 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

EndWork
Runing
ServiceMain
Working

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ