General

  • Target

    65549c0c44948ed7543c30d24f4d6a54521d51e2f8abfcba0d7a73c80c036e27

  • Size

    924KB

  • Sample

    231022-lpg48afc4y

  • MD5

    329d0e70f6a56a68f3b750fe0605dec7

  • SHA1

    8015e570fd8c906868b9ce5da814cb86cd6e5db7

  • SHA256

    65549c0c44948ed7543c30d24f4d6a54521d51e2f8abfcba0d7a73c80c036e27

  • SHA512

    b87c5a13ae10bbeb000577f0390ff4552cc7afe19f0d78bbed4d00f67a1b02b811adc9f8dd0cfa1b57481a48680c6b1dbf6e2137939b3ec456f66ff9d138ae5d

  • SSDEEP

    12288:B3j2XoumjvYC2P+0E7eu7gEPEnzz9p6rgzeIkb/pmJgdECgBdVa/ALnDzwDMD1G8:BT26zjV2PT10X5uJQUTxMIo+

Malware Config

Extracted

Family

gh0strat

C2

103.142.8.158

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • UAC bypass

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks