Extracted

• • Target

    8d49896b282a08c503c04a27851907261c97e458717e6389e2b88fa876d8d07e

  • Size

    1.4MB

  • MD5

    2941256472314ccf1d6670de4bb14b80

  • SHA1

    3fac0c56e5a90d5577a8b5a56f0477a13fd139c6

  • SHA256

    8d49896b282a08c503c04a27851907261c97e458717e6389e2b88fa876d8d07e

  • SHA512

    c8615ffb538c087af763ba598250667f300c765b2eca1d8c18cc8ff68732eb50193ed6b07a0a7ba3215c53777476947d670089b797f979ff667188167cb0df39

  • SSDEEP

    6144:9kyLEbWaR5Cc78p6Y8+HkkrhhhhhhhhhhhhhhhZRSMH:KUaWaR5vYpVrhhhhhhhhhhhhhhh9

  Score

  10^/10

  gh0stratdiscoveryratpersistence

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • Gh0strat family

    gh0strat

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2