Extracted

• • Target

    1433.exe

  • Size

    353KB

  • MD5

    63573bb58c5b28cc5671cf7b121671c7

  • SHA1

    79ca6878a2fae339bd8abbc0f3b42a2516d74779

  • SHA256

    cc5a84f68a4bc2303461ba75506ce239a3128f7a3b3068e663c16d2fb6336edb

  • SHA512

    fa9864f8e5d8e104d5f9e6c0ffdb820dd9e7ef365fa856d9903e735d9c36105530baf24fbb1e3e2025e10d2eff54d7cba7f4ef8f42af00ffbdb62cb9f76eea8f

  • SSDEEP

    6144:qmBZ5WcNancq4m8Jm50HkbIn9tskARz/pkkYLZxYYWz3mvxo:LBZ5WcYnBH8Jm5Fg9tskAt/pkbrYYWzD

  Score

  10^/10

  gh0stratredosdrudiscoverydownloaderloaderpersistenceratupx

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • Gh0strat family

    gh0strat

  • Redosdru

    Redosdru is a loader/downloader written in C++.

    loaderdownloaderredosdru

  • Redosdru family

    redosdru

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1