gh0strat | 03f9dcec5d68cccbc8677ff4d4715818[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

03f9dcec5d68cccbc8677ff4d4715818.bin
Size

152KB
MD5

03f9dcec5d68cccbc8677ff4d4715818
SHA1

98191073e3e35ecb1519093f15ec24770cf26186
SHA256

22cc32509b0e9341a4aeaccbabf7c28b4a6db27f737d95a942bca0f34238f57c
SHA512

b062fc199d3af34f27b1595f41fa968916c2876a94a301052bb4f0438bd345b69b23c45b276884edf11ccf33d088534aef98fbd292bb459da9ba3fe3e8589329
SSDEEP

3072:N458l71rmrMuX4NF1Nl6kauYVtsyZh0PTTBftzkR/HkQWJBetU:oaibX4N/VYXsyZh0PTTBlgR/Hk0tU

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03f9dcec5d68cccbc8677ff4d4715818.bin

Files

03f9dcec5d68cccbc8677ff4d4715818.bin
.dll windows:4 windows x86 arch:x86

af04a241cb2bbf371e041c8339cbe181

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExW

user32

CloseWindowStation
GetClassNameA
GetWindow
ShowWindow
CreateWindowExA
DestroyWindow
MessageBoxA
LoadCursorA
DestroyCursor
GetCursorInfo
wvsprintfA
wsprintfA

kernel32

RaiseException
GetExitCodeProcess
ExitProcess
IsBadWritePtr
FormatMessageA
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetShortPathNameA
CreateFileMappingA
GetTickCount
lstrlenA
LocalFree
GetProcAddress
GetModuleHandleA
GetLastError
lstrcmpiA
lstrcpyA
LocalReAlloc
LocalSize
LocalAlloc
CloseHandle
Sleep
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
GetVersionExA
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
FreeLibrary
GlobalFree
GlobalAlloc
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
DeleteFileA
RemoveDirectoryA
ExitThread
GetModuleFileNameA
IsBadReadPtr
IsBadStringPtrW
VirtualQuery
GetCurrentProcessId
GetCurrentThreadId
lstrcmpA
VirtualProtect
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
ExpandEnvironmentStringsA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetLocalTime
GlobalUnlock
GlobalLock
GlobalSize
MapViewOfFile
LoadLibraryA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_strupr
_strlwr
_wcsicmp
_memicmp
??3@YAXPAX@Z
rand
srand
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
strchr
_except_handler3
strncpy
atoi
strstr
wcstombs
realloc
malloc
free
_CxxThrowException
_beginthreadex
strncat
strrchr
wcslen
memmove
ceil
wcsrchr

Exports

Exports

CpyCommon

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af04a241cb2bbf371e041c8339cbe181

Headers

File Characteristics

Imports

advapi32

user32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB