Extracted

• • Target

    NEAS.8dc7625de7e66a1387caa9f6219533db636dcb1b26d77a8a868029c904f729c4_JC.exe

  • Size

    10.1MB

  • MD5

    0afb464d2654193dac667c26a24afbd0

  • SHA1

    cc52ed0e0caba7a3dab7b40f4d06605205d8a9df

  • SHA256

    8dc7625de7e66a1387caa9f6219533db636dcb1b26d77a8a868029c904f729c4

  • SHA512

    2290595bb7bc96b7d46ccce660c808bf58d18802e82f89407e6887d030e66ebe636c35fe917aed1c95f74387aab7c0f4a449f17749a8e58b8066b28c38ac4e5d

  • SSDEEP

    6144:1IposGo+OMpe4HMHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHf:SpodaMo4Y

  Score

  10^/10

  gh0stratratupxpersistence

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2