gh0strat | e0a6856da245c388a4fb6312efdc0ffc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0a6856da245c388a4fb6312efdc0ffc
Size

112KB
MD5

e0a6856da245c388a4fb6312efdc0ffc
SHA1

25ffec03069edf92d07e7883cc0eb3efac38aeea
SHA256

038bde2530d715d5186baf056baec5f971e46aff4810201a37173a917b80dcc9
SHA512

a74f854bab0ea182713f5480acc5eba46236e0eb18705b7819571b705b453cec5597e90bee1c9c1f5973c2337ef6eb080c56657694e4fb4e5e938cb2aae46799
SSDEEP

3072:FLmheFzQD4X979/bUH9B18BrsKIksmvXOxN:He4nS9jOYKzsmvOxN

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0a6856da245c388a4fb6312efdc0ffc

Files

e0a6856da245c388a4fb6312efdc0ffc
.exe windows:4 windows x86 arch:x86

acd9fa3a74cc4c1d92998e6ad62eeb8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
LoadLibraryA

user32

wsprintfA
MessageBoxA

Sections

.data
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 511B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE