gh0strat | aa996520df116af968f7963f69968cab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa996520df116af968f7963f69968cab
Size

109KB
MD5

aa996520df116af968f7963f69968cab
SHA1

db69ecee0d82cd2a52a1ae153452f4716f205a5e
SHA256

c17e59351fe0c5a489f680cc8e79b03670bfa3bec604fd43f6637a0b22a298dd
SHA512

4c7516901d2077c6d014ef473bccacfa7664793c93db0aeccd469de2ba8cfec8f8fedc1daf5e8b28a15c36704e3083ec52a04c3cbe161bf61dbf6c88e07b9956
SSDEEP

1536:+0XkdyOpDJXGPojaiM9SNuNRH1UnJp1VcM/vfh7EeHk1HgHNcj5snTzR:jXopDJXGIMPAnJXVb/Xh7EgGgHNosnT9

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa996520df116af968f7963f69968cab

Files

aa996520df116af968f7963f69968cab
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Sqtt+.(Zw`
Aw`d{qw_s{|

Sections

.text
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

_playo
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.winde
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE