Extracted

• • Target

    ba37370a4e2c69d6125e3cb76c4b120e06c26fa9a476b13013f1a033749ae120

  • Size

    400KB

  • MD5

    36641ec28d549d2b71f5b016fae295db

  • SHA1

    23262ebeb025cafd64c0c5a28c35f5f4d47a7816

  • SHA256

    ba37370a4e2c69d6125e3cb76c4b120e06c26fa9a476b13013f1a033749ae120

  • SHA512

    21f34e439d30fb7970a399f56f94d234f7e64b4c2ce56bf7c09968bbcdcd713586df2c11d9fdab2f7088d353461a7ec6e22593ed2cc9ee5f72e4f388b2e25eae

  • SSDEEP

    3072:vRK/yLrQbWaR5Qax8c/Yt5Kgm45EWWdfnaZf4Xvl4luK:vIyLEbWaR5CchE6nmCzK

  Score

  10^/10

  gh0stratratpersistence

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2