gh0strat | ea40ba3517a9cd2d500bdc33535116bf0adb1c4f29e77333c6612f6f8e9d9714 | Triage

Sharing

General

Target

ea40ba3517a9cd2d500bdc33535116bf0adb1c4f29e77333c6612f6f8e9d9714
Size

1.7MB
MD5

720a1e022b9681bbdbf54e5d7209a2be
SHA1

6cf41e173d3dac7d57ff4809f32b2061635446b8
SHA256

ea40ba3517a9cd2d500bdc33535116bf0adb1c4f29e77333c6612f6f8e9d9714
SHA512

534b7ae1a9416c938a5484cf6a43a3f5f0207037615e4fac8cbcfa9546fafbb37533bdccfeea36384bc2521fbf89f9150a9682aa3a188bfb6b00ed1944842b73
SSDEEP

24576:R9qhtDUHFNvyC6X3bQm1JHiMhx6VbOSZ5IXMbVepBCBwVuFxPsqhJcsNXV3QbNW0:R9qBkmmbOa6McpBCBZrPF//JK

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

Processes:

resource yara_rule

sample family_gh0strat
Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ea40ba3517a9cd2d500bdc33535116bf0adb1c4f29e77333c6612f6f8e9d9714

Files

ea40ba3517a9cd2d500bdc33535116bf0adb1c4f29e77333c6612f6f8e9d9714
.exe windows:4 windows x86 arch:x86

703074f7e4b33aefff112f419dacba1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4218

msvcrt

atoi

kernel32

HeapFree

user32

ValidateRect

gdi32

SelectObject

comctl32

ImageList_AddMasked

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 704KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 996KB - Virtual size: 996KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ