General

  • Target

    75414ecadd90893231a6b0dcde33dc2bd28edd383ce43c4cbb020c996366fd84

  • Size

    1.3MB

  • Sample

    240204-mk9jcaheen

  • MD5

    8ab064e069a639d707e38ec5d7e85c21

  • SHA1

    b281a5d983f6f9beaa168c9a21c26f05b3ae0c73

  • SHA256

    75414ecadd90893231a6b0dcde33dc2bd28edd383ce43c4cbb020c996366fd84

  • SHA512

    b9abb8d8558a8f2f48326dad2fd0ef17b2bd04f89f6afdcc0f845a6e4546d950f5a4ab5bc408b280956650cdd102c3ac8cae1ba2163006f571bc08fd0d2a3f04

  • SSDEEP

    12288:HwaIOzyiJs8ejj5S/tdBIaPT+3Y12wWVW4:Qa/Di8ejtSPBIaP6I4DVW4

Malware Config

Extracted

Family

gh0strat

C2

www.baidu.com

Targets

    • Target

      75414ecadd90893231a6b0dcde33dc2bd28edd383ce43c4cbb020c996366fd84

    • Size

      1.3MB

    • MD5

      8ab064e069a639d707e38ec5d7e85c21

    • SHA1

      b281a5d983f6f9beaa168c9a21c26f05b3ae0c73

    • SHA256

      75414ecadd90893231a6b0dcde33dc2bd28edd383ce43c4cbb020c996366fd84

    • SHA512

      b9abb8d8558a8f2f48326dad2fd0ef17b2bd04f89f6afdcc0f845a6e4546d950f5a4ab5bc408b280956650cdd102c3ac8cae1ba2163006f571bc08fd0d2a3f04

    • SSDEEP

      12288:HwaIOzyiJs8ejj5S/tdBIaPT+3Y12wWVW4:Qa/Di8ejtSPBIaP6I4DVW4

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks