General

  • Target

    3f5aa0a4118bfffd27e9ae8c6093820e90266f44d35c9e591e8aa196b011b757

  • Size

    592KB

  • Sample

    231023-syjgzabd99

  • MD5

    bcbc0768bd29b7a8d23e4e7a471e3c7a

  • SHA1

    e427a3ac051c1176925df087de4df4f08e1b0152

  • SHA256

    3f5aa0a4118bfffd27e9ae8c6093820e90266f44d35c9e591e8aa196b011b757

  • SHA512

    1fbb1799b69e34ccc62e88302ca2aa865c03825ddc6c42dd5fd48c503791b9954a6a301a34ea12e0b1663bdddb7432e367be22f0b053c5475585938c8e845935

  • SSDEEP

    6144:dMOMcpeYKf8HwfmRPr+bHN/E9GLTg2IKNH0ZUaXDoFjKwG0/Obgm8gjwPyqVHEPH:dMG5qsP2SGL3FaToFjZGUObj0PyyEPH

Malware Config

Extracted

Family

gh0strat

C2

103.142.8.158

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • UAC bypass

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks