gh0strat | c01b4d6ff1c26c21dba06b11f3738372 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c01b4d6ff1c26c21dba06b11f3738372
Size

114KB
MD5

c01b4d6ff1c26c21dba06b11f3738372
SHA1

154db981fa30dbdff4ab1f8f29eef74900d35b43
SHA256

57a0add009582f3f1954e02074ef71d3fc0d9882fef17b1af94a5e753e090305
SHA512

f454f12249f3b756086a401c5f01513ca883f5027815f82202814e5395dfdcbca8cf22f123fb2b5a5cf923d875f4cbd51364a078c1e98961f24ce9f10946e3c6
SSDEEP

1536:Ow8CkL6tpj+OpAxg0gVIoQVsXYpRdoDgrCCkM76cv/FfxREPSt/7K5:OwZSQpKa3VGVnpUlCz764/9xREaNG

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c01b4d6ff1c26c21dba06b11f3738372

Files

c01b4d6ff1c26c21dba06b11f3738372
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

EndWork
Runing
ServiceMain
Working

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE