Sample details: db19d34e5935f9f230ee3c8dcaed8d7b

Hashes
MD5: db19d34e5935f9f230ee3c8dcaed8d7b
SHA1: bbe9d7b90cfd6e9a61165270e189b3ad7d4ea6cb
SHA256: f13f67fc5e53225d048a6d7b8ed82eaadd4fa5d8320b5b6b67b1ee7bebe1a005
SSDEEP: 12288:Ue82Y0Wtx6C6OET19AMVJIGtM5qmvmybBx4Vbiqoy6sDkWfIVQWZ8219UKQ2p:t82XGxs7A2JI2M5xvmybBx4Vbiqoy6sc
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/System_Tools | YRP/Antivirus | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/create_service | YRP/network_tcp_listen | YRP/network_tcp_socket | YRP/escalate_priv | YRP/screenshot | YRP/keylogger | YRP/sniff_audio | YRP/rat_rdp | YRP/rat_webcam | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/IronTiger_Gh0stRAT_variant |
Source
http://42.51.45.51:8080/win.exe