Ghoul_Multi_tool[.]rar

Resubmissions

21/02/2024, 01:05

240221-bfwwxahd36 7

21/02/2024, 01:05

240221-bfmy1ahd34 7

Sharing

Copy URL

Twitter E-mail

General

Target

Ghoul_Multi_tool.rar
Size

859KB
MD5

064d60057c3d7f90bff7e63ab1890026
SHA1

77d8258d313e01b1b642efe6d3ecc68a2c1b2771
SHA256

2d30a13b39a0b56f3c13a7511a4fd9408e75a00d8b757d8226e25ba29cf9c6b7
SHA512

c88325421ee7fc9a9db17a81ded9763d699f7821c4a0db05974831e14bb0d2bcd1052094d037659058fcfe3daf9c82d653a5ce48f3853be3e818bf630daf9c01
SSDEEP

12288:AWJSKyT3dlTQsCGP2ahWGfDf/7IKtoU/ZwRRQp95g49I8B/Iq/osqMUnYLyW+UBY:nSK+/pLX8K7/2RQpf9jh7qMOWyWDfA

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/301ViewPumper.exe
unpack001/ObjectListView.dll
unpack001/paping.exe
unpack001/portscanner1.exe

Files

Ghoul_Multi_tool.rar
.rar

Password: root
301ViewPumper.exe
.exe windows:4 windows x86 arch:x86

Password: root

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Proiecte\301ViewPumper\301ViewPumper\bin\Debug\Obfuscated\301ViewPumper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Credits.txt
Ghoul Multi tool.bat
Notepad++.lnk
.lnk
ObjectListView.dll
.dll windows:4 windows x86 arch:x86

Password: root

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\zz\ObjList2.6\ObjectListView\obj\Debug\ObjectListView.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pinger.bat
TCP.bat
http_proxies.txt
iplookup.bat
.bat .vbs
paping.exe
.exe windows:5 windows x86 arch:x86

Password: root

4a32289c717ca08ae1a68891867495da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\paping\paping_vs2010\Debug\paping_vs2010.pdb

Imports

kernel32

GetSystemTimeAsFileTime
Sleep
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
SetEnvironmentVariableA
CompareStringW
SetStdHandle
VirtualQuery
GetProcessHeap
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
OutputDebugStringW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InterlockedCompareExchange
RtlUnwind
RaiseException
HeapValidate
IsBadReadPtr
GetTimeZoneInformation
GetLastError
SetConsoleCtrlHandler
GetProcAddress
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetCPInfo
LCMapStringW
lstrlenA
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
InitializeCriticalSectionAndSpinCount
FatalAppExitA
HeapAlloc
GetModuleFileNameA
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
HeapCreate
HeapDestroy
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
WriteFile
FreeLibrary
GetLocaleInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
OutputDebugStringA
CreateFileW

ws2_32

socket
htons
ioctlsocket
connect
select
closesocket
__WSAFDIsSet
WSAStartup
gethostbyname
WSACleanup
inet_ntoa

Sections

.textbss
Size: - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
portscanner1.exe
.exe windows:4 windows x64 arch:x64

Password: root

df05c967d2c73dc45e88907e734d707a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleTextAttribute
SetCriticalSectionSpinCount
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_ftime
_initterm
_lock
_lseeki64
_onexit
_read
_setjmp
_strnicmp
_unlock
_write
_write
abort
calloc
clock
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getenv
getwc
isspace
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
realloc
setlocale
setvbuf
signal
sprintf
strcmp
strcoll
strerror
strftime
strlen
strncmp
strxfrm
system
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
closesocket
connect
htons
inet_addr
socket

Sections

.text
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
set.txt
socks4_proxies.txt
socks5_proxies.txt

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: root

Password: root

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 156KB - Virtual size: 156KB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 101KB - Virtual size: 101KB

Password: root

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 440KB - Virtual size: 440KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: root

4a32289c717ca08ae1a68891867495da

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

Sections

.textbss Size: - Virtual size: 213KB

.text Size: 456KB - Virtual size: 455KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 8KB - Virtual size: 18KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 19KB

Password: root

df05c967d2c73dc45e88907e734d707a

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

Sections

.text Size: 474KB - Virtual size: 473KB

.data Size: 84KB - Virtual size: 84KB

.rdata Size: 53KB - Virtual size: 52KB

.pdata Size: 30KB - Virtual size: 30KB

.xdata Size: 43KB - Virtual size: 42KB

.bss Size: - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1024B - Virtual size: 960B

/4 Size: 2KB - Virtual size: 2KB

/19 Size: 118KB - Virtual size: 118KB

/31 Size: 18KB - Virtual size: 18KB

/45 Size: 23KB - Virtual size: 23KB

/57 Size: 10KB - Virtual size: 10KB

/70 Size: 1KB - Virtual size: 1KB

/81 Size: 132KB - Virtual size: 132KB

/92 Size: 6KB - Virtual size: 5KB

.text
Size: 156KB - Virtual size: 156KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 101KB - Virtual size: 101KB

.text
Size: 440KB - Virtual size: 440KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.textbss
Size: - Virtual size: 213KB

.text
Size: 456KB - Virtual size: 455KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 8KB - Virtual size: 18KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 19KB

.text
Size: 474KB - Virtual size: 473KB

.data
Size: 84KB - Virtual size: 84KB

.rdata
Size: 53KB - Virtual size: 52KB

.pdata
Size: 30KB - Virtual size: 30KB

.xdata
Size: 43KB - Virtual size: 42KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 960B

/4
Size: 2KB - Virtual size: 2KB

/19
Size: 118KB - Virtual size: 118KB

/31
Size: 18KB - Virtual size: 18KB

/45
Size: 23KB - Virtual size: 23KB

/57
Size: 10KB - Virtual size: 10KB

/70
Size: 1KB - Virtual size: 1KB

/81
Size: 132KB - Virtual size: 132KB

/92
Size: 6KB - Virtual size: 5KB