Behavioral task
behavioral1
Sample
0139422358150eda3958945b70568121b7037e50a0968e2a1c978f7c309aa318.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
0139422358150eda3958945b70568121b7037e50a0968e2a1c978f7c309aa318.exe
Resource
win10v2004-20240704-en
General
-
Target
0139422358150eda3958945b70568121b7037e50a0968e2a1c978f7c309aa318
-
Size
348KB
-
MD5
cafdd4962dd00ff3d59b0481bef83c78
-
SHA1
bc9da8b3decb86edfbc3c5eab6ac8c40543ee814
-
SHA256
0139422358150eda3958945b70568121b7037e50a0968e2a1c978f7c309aa318
-
SHA512
29063753a504f46343c917040de19640751bf47d0e36012e0e5eb18a87c868d6ac6c35faf500e95220578e89a907cff2c6f291f71277ceb72055ee9c6a02b6fb
-
SSDEEP
6144:MJueTkwOwoWOQ3dwaWB28edeP/deUv80P80Ap8UGwoTGHZOWJkqd0K4rG7eVT0SX:ouLwoZQGpnedeP/deUe1ppGjTGHZRT0z
Malware Config
Signatures
-
Gh0st RAT payload 1 IoCs
resource yara_rule sample family_gh0strat -
Gh0strat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0139422358150eda3958945b70568121b7037e50a0968e2a1c978f7c309aa318
Files
-
0139422358150eda3958945b70568121b7037e50a0968e2a1c978f7c309aa318.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.data Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.nkh Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE