gh0strat | c5a2434f0f59fde08604895d58141f9f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c5a2434f0f59fde08604895d58141f9f
Size

112KB
MD5

c5a2434f0f59fde08604895d58141f9f
SHA1

c39410a32751d0d89715f6507284deb36d35f8e5
SHA256

f1b4a031ca4c1a5d3e19f692c9c970c9e5750ccc1d525817539a0d32d376c1f9
SHA512

122fc9dd7736ba5a11e9da5e222966ce88f567309d5616dc97584650ad078c7b2c8c5d17ebff4e57498cb8b3b040319214e2b250bc3a1b092291a8d4fe5e19b6
SSDEEP

768:ZZRDh0D0L/OxxAyb2MqAE2sFFxJJb1JCnS:ZZR9XL/7yb/OxJJT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5a2434f0f59fde08604895d58141f9f

Files

c5a2434f0f59fde08604895d58141f9f
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ