gh0strat | 28ec5176349c8a92aa197462bcad4147c99b32d34498474d5b130720970185fc | Triage

Submit
Reports

Overview

overview

Static

static

28ec517634...fc.exe

windows7-x64

28ec517634...fc.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

28ec5176349c8a92aa197462bcad4147c99b32d34498474d5b130720970185fc
Size

265KB
Sample

220919-q5re2sfddm
MD5

c77fa2063b56c71ed7afbf03890864db
SHA1

b082836f5c1bee0371fefddb37d7d72a8712076e
SHA256

28ec5176349c8a92aa197462bcad4147c99b32d34498474d5b130720970185fc
SHA512

a33508d56dd035eb26cf12b64fb8732265211a99849ad46920c7d4a126cf0ce2f73f1f858ada53bce0160c9189da82120a109722998463839f178422bb4451fe
SSDEEP

6144:xHAge/rGpjZL02vIM4IHaQlJLsHaKMsHleE8wUVLEdqdBTLr:xHAge/SZOA9DrDQHZHCwauqd1r

Score

10^/10

gh0strat bootkit persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

28ec5176349c8a92aa197462bcad4147c99b32d34498474d5b130720970185fc.exe

Resource

win7-20220812-en

gh0strat bootkit persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

28ec5176349c8a92aa197462bcad4147c99b32d34498474d5b130720970185fc.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  28ec5176349c8a92aa197462bcad4147c99b32d34498474d5b130720970185fc
- Size
  
  265KB
- MD5
  
  c77fa2063b56c71ed7afbf03890864db
- SHA1
  
  b082836f5c1bee0371fefddb37d7d72a8712076e
- SHA256
  
  28ec5176349c8a92aa197462bcad4147c99b32d34498474d5b130720970185fc
- SHA512
  
  a33508d56dd035eb26cf12b64fb8732265211a99849ad46920c7d4a126cf0ce2f73f1f858ada53bce0160c9189da82120a109722998463839f178422bb4451fe
- SSDEEP
  
  6144:xHAge/rGpjZL02vIM4IHaQlJLsHaKMsHleE8wUVLEdqdBTLr:xHAge/SZOA9DrDQHZHCwauqd1r
Score

10^/10

gh0strat bootkit persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratbootkitpersistencerat

behavioral2

© 2018-2025

Terms | Privacy