Extracted

• • Target

    1edbf656af8dd8266eb745423abf553cf387a70259d105c5a1a0175d109ca457

  • Size

    388KB

  • MD5

    f734be5980f5b87a76f2a1ebce02023d

  • SHA1

    7613f401bb49f0519c4dc216d0024e4032466c4c

  • SHA256

    1edbf656af8dd8266eb745423abf553cf387a70259d105c5a1a0175d109ca457

  • SHA512

    82bdd87cb12543567a314f44edee995c782506edd6212f172bbb3100a87cc9f4f7f22efdae6b8209f93c07db304a2edd14160c83875a029f2d64807a4b84aaf8

  • SSDEEP

    3072:ecK/yLrQbWaR5Qax8c/YtVpBNh7//g9WEvn8p9o1LQU9S1ZfKOYM1AY:eXyLEbWaR5CcEpB/IHao2EUYMV

  Score

  10^/10

  gh0stratratpersistence

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2