gh0strat | 0a326b1125ed6cc9f9b28af1e1e6f49bab495f2a541aa87416bbfc94e945dfd6 | Triage

Sharing

General

Target

0a326b1125ed6cc9f9b28af1e1e6f49bab495f2a541aa87416bbfc94e945dfd6
Size

54KB
MD5

03a62140a124c49a153ea3d5656b7930
SHA1

8d8e72eca998fab10bb27a0ae1f7a51d1f7dafa9
SHA256

0a326b1125ed6cc9f9b28af1e1e6f49bab495f2a541aa87416bbfc94e945dfd6
SHA512

c118d915f76e1627bb7e023a45d942aed79ae3f73051aa9f3641b1dc920c97573e885c4461618e6cfd7ea65f0e1c195db217089ac72d508afa2713726298f647
SSDEEP

1536:T5bZlWakB9GYMURooZHAi7x4yj6bj9aHdJ:tbZAakB9ZMUxHAi7E92dJ

Score

10^/10

upx gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_gh0strat

Gh0strat family
gh0strat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0a326b1125ed6cc9f9b28af1e1e6f49bab495f2a541aa87416bbfc94e945dfd6
unpack001/out.upx

Files

0a326b1125ed6cc9f9b28af1e1e6f49bab495f2a541aa87416bbfc94e945dfd6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ