General

  • Target

    4b0025b997860a470aa637ae5d32c2f424b3883fdaa7fe8f5ec3ac7d11b8b114

  • Size

    2.1MB

  • Sample

    240814-azbjmssgka

  • MD5

    64e0ee6e6274b3201dac5d865b4bac0a

  • SHA1

    3fedaab5ceb3165d4366eb119d66fc916ac37d3b

  • SHA256

    4b0025b997860a470aa637ae5d32c2f424b3883fdaa7fe8f5ec3ac7d11b8b114

  • SHA512

    fdf82bd602134b250fe0d884454f2f50eb22316f794cc2e3515da5eef203e5136415ba0d4d9461beabc6ecc73e41e902da25048d2488b0da9f9bd83a917830d0

  • SSDEEP

    49152:ngkg7Ge49gn8erH0r8SWAdikwBG4ITHkGzgghz1jPhPubxS4wo9QFhhhZhXaEo:q7Ge49reri8SWAdikwBG4eHkGznzBPVE

Malware Config

Extracted

  • Family

    gh0strat

  • C2

    45.207.199.218

Targets

    • Target

      4b0025b997860a470aa637ae5d32c2f424b3883fdaa7fe8f5ec3ac7d11b8b114

    • Size

      2.1MB

    • MD5

      64e0ee6e6274b3201dac5d865b4bac0a

    • SHA1

      3fedaab5ceb3165d4366eb119d66fc916ac37d3b

    • SHA256

      4b0025b997860a470aa637ae5d32c2f424b3883fdaa7fe8f5ec3ac7d11b8b114

    • SHA512

      fdf82bd602134b250fe0d884454f2f50eb22316f794cc2e3515da5eef203e5136415ba0d4d9461beabc6ecc73e41e902da25048d2488b0da9f9bd83a917830d0

    • SSDEEP

      49152:ngkg7Ge49gn8erH0r8SWAdikwBG4ITHkGzgghz1jPhPubxS4wo9QFhhhZhXaEo:q7Ge49reri8SWAdikwBG4eHkGznzBPVE

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks