Extracted

• • Target

    176e1919d26835b5477b3be9c53633debe0158a73fc7e05dbd74c81feb4ebacaN

  • Size

    7.1MB

  • MD5

    2dcf9184a6873daf1b18b996b0ccd8a0

  • SHA1

    9f53b9789feb11ef17629bc27bef805be1078fb8

  • SHA256

    176e1919d26835b5477b3be9c53633debe0158a73fc7e05dbd74c81feb4ebaca

  • SHA512

    9b0762234a3bb69535ff78a33b831283a5caec3ed184d5df56276677ecffa8514bcf4fbe426fbdf4dcfaf0455906650063156fa3d771c448df4effbb91b13438

  • SSDEEP

    3072:gm06THCyt5mbCx6b41trGYTBfdpfZiJfLqye9aq:gm06TAb06gtrGYTBlpfcdqye9aq

  Score

  10^/10

  gh0stratlatentbotdiscoveryrattrojan

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2