gh0strat | 16bd5718170fa4234d31b8516ebe7e538268fa57b476c7799b595d3076120cdb[.]exe | Triage

Sharing

General

Target

16bd5718170fa4234d31b8516ebe7e538268fa57b476c7799b595d3076120cdb.exe
Size

204KB
MD5

a773daa221ede696fb246bf94a49a746
SHA1

7f65c073c7108ed9e2315bf2bd45b02e503b1610
SHA256

16bd5718170fa4234d31b8516ebe7e538268fa57b476c7799b595d3076120cdb
SHA512

9c95c26f6495c0fdf4a6415bdb5202a408597ed920e21682737f98749c85475b5315b505bd1f807db65c76aebfc81c0ffbd51466b2c18fbeb18ca8205639cf9d
SSDEEP

3072:kTeTY1Em5WBqwP3fsRQ/Xz7iastKyC/hX62xv37ntmefweTD:kiTViWB0uL7thJ57p37tYw

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16bd5718170fa4234d31b8516ebe7e538268fa57b476c7799b595d3076120cdb.exe

Files

16bd5718170fa4234d31b8516ebe7e538268fa57b476c7799b595d3076120cdb.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jiao
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jia
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fao
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE