Extracted

• • Target

    c28770a88ad997d80ca6f461893cd6f032f614a43c449f21e73df15e8a843105

  • Size

    60KB

  • MD5

    90d83bbad8110780e90b8f0beab172f9

  • SHA1

    0ced0e716b07945787bf78ae6296a5f24bfdbe59

  • SHA256

    c28770a88ad997d80ca6f461893cd6f032f614a43c449f21e73df15e8a843105

  • SHA512

    92d4a6697644925176852c2b43bf297b16afadc2a993c135b5aa9df3c74a280bfb7cde883c6bf5c8b06202ff55168997dcf89ef2e791a3aeaca3cb09b6ac7707

  • SSDEEP

    768:3e1iZNbQAKrWGOkGQeN70ZqL378KBBmbUt4i:36iZNer5GQvkUath

  Score

  10^/10

  gh0stratredosdrudiscoverydownloaderloaderratupx

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • Redosdru

    Redosdru is a loader/downloader written in C++.

    loaderdownloaderredosdru

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2