Extracted

• • Target

    e76c24926275e4aa90876c29d1ed64781146b2df00ffe660f3152da8c06c0cb7

  • Size

    1.1MB

  • MD5

    81063a6ec8fc6b35a92d03c335b61cad

  • SHA1

    a7f5173a6c5774e5c4be66f6e5496aa86fc6ec87

  • SHA256

    e76c24926275e4aa90876c29d1ed64781146b2df00ffe660f3152da8c06c0cb7

  • SHA512

    62964c54bc063f8bc351f7372add1d8f7a2f38b49c6d4a6ce07739a634ae355c9a43dd43810271919dcbfa2f99964050784250108332d1b59595a597a54e55f5

  • SSDEEP

    24576:psRkWF5Vi5Fu5xfSejKWaxRc0Ou1R1DSR0EA1RIkE7cLyll5:yRk+5kwvQIu1R10A1ukEFV

  Score

  10^/10

  gh0stratramnitbankerratspywarestealertrojanupxworm

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2