Extracted

• • Target

    11L3O67.exe

  • Size

    3.3MB

  • MD5

    55676704ea30ec80782a6fe129ecd07a

  • SHA1

    b2935565cc449db1ceb78618f06b145eed7b129f

  • SHA256

    add99c5e79d3b6736133c2d0336c8386b7c68ce99839b83208ba3b832e5627ff

  • SHA512

    3ceead21394022fd33cbfec8332a67791223d52189d7b383c714662fcb8d2f7354a3070a80219e49840f793402a7726b003bd5a1a9aa77e014c26a6e9c5fcd9c

  • SSDEEP

    98304:ZGwl5CrmnosDeIp8ZoctqhBtky7zZ+iDCRDtVCQ4:ZXl5HnoipqkhBtky7zZeRDtZ4

  Score

  10^/10

  gh0stratevasionrattrojan

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • UAC bypass

    evasiontrojan

  • Modifies RDP port number used by Windows

  behavioral1behavioral2