gh0strat | c92c0db4e8128de58112ab8b909c7a47 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c92c0db4e8128de58112ab8b909c7a47
Size

152KB
MD5

c92c0db4e8128de58112ab8b909c7a47
SHA1

afaec369a79081fd082d92f10a080182e4ff813d
SHA256

65356e52aa1f1c752cbc33bb3ba18cca08ce7774fde3dc242f9d2d5d3ab59511
SHA512

4c665917e99b28d69b2a313da8870afc748d008c5a5f2d01397b455baef40acf0ae6b37ab30d3bb939d1c7486f6605c275d6b7381bb8a01d08946815654e215e
SSDEEP

3072:Sfib9f9XX27/oPy2LUbhxQHmmErg1F9TBftNVTQnt4I:S6hf9HLBobaEk/9TBlPQn6

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c92c0db4e8128de58112ab8b909c7a47

Files

c92c0db4e8128de58112ab8b909c7a47
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllMain
DllRegisterServer
DllUnregisterServer
GetHWID
IBlackBox_CreateInstance
IBlackBox_CreateInstance2

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ