General

  • Target

    bdc8610804f8b5da9e999ee2b2623d2cfbf16d1d4e57fee4a0db49b9e4485d78

  • Size

    82KB

  • Sample

    220919-ry6rtsghhl

  • MD5

    e8e6622c0c138aa05e41ab5bde02db58

  • SHA1

    196ae20a721f3d30e2bbc2d6e86e15e4c208766d

  • SHA256

    bdc8610804f8b5da9e999ee2b2623d2cfbf16d1d4e57fee4a0db49b9e4485d78

  • SHA512

    7cab8712ea685ae0581f531445000fed9688bfd9f7a8aecc92f13e7397292b973685f92d721336ad073ba8b0dcc903473049c9476e439804b256a86cdcc1cdcc

  • SSDEEP

    1536:gW2XxJ+1IT+7SDZIvyDEsq0Hcl16bwpLojUoZwRZJNLmTqWRWaS:gW+J+1IT+cqylD8l1ewpcjUZDNmrI

Malware Config

Targets

    • Target

      bdc8610804f8b5da9e999ee2b2623d2cfbf16d1d4e57fee4a0db49b9e4485d78

    • Size

      82KB

    • MD5

      e8e6622c0c138aa05e41ab5bde02db58

    • SHA1

      196ae20a721f3d30e2bbc2d6e86e15e4c208766d

    • SHA256

      bdc8610804f8b5da9e999ee2b2623d2cfbf16d1d4e57fee4a0db49b9e4485d78

    • SHA512

      7cab8712ea685ae0581f531445000fed9688bfd9f7a8aecc92f13e7397292b973685f92d721336ad073ba8b0dcc903473049c9476e439804b256a86cdcc1cdcc

    • SSDEEP

      1536:gW2XxJ+1IT+7SDZIvyDEsq0Hcl16bwpLojUoZwRZJNLmTqWRWaS:gW+J+1IT+cqylD8l1ewpcjUZDNmrI

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
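The "Writes to the Master Boot Record (MBR)" finding above is the one that cannot be cleaned up by deleting the dropped service DLL, so a responder wants a way to tell whether the bootstrap code on a suspect disk still matches a trusted baseline. The script below is an added example written for this report; it is not code from the sandbox, from the sample, or from any Gh0st RAT source. It parses a classic 512-byte MBR, checks the 0x55AA signature and the partition table, and hashes the 440-byte bootstrap area for comparison against a known-good value. The "clean" and "tampered" MBR images, the bootstrap bytes and the baseline hash are all constructed inline for the demonstration (they are not the sample's real MBR write); on a real host you would read the first 512 bytes of \\.\PhysicalDrive0 (or /dev/sda) and use a hash taken from a baseline image of the same machine.

```python
"""Offline MBR integrity check (added example, not the report's own tooling).

Classic MBR layout assumed here:
  0x000-0x1B7  bootstrap code (440 bytes)   <- what a bootkit overwrites
  0x1B8-0x1BB  disk signature
  0x1BE-0x1FD  four 16-byte partition entries
  0x1FE-0x1FF  boot signature 0x55 0xAA
"""
import hashlib
import struct
import sys
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
BOOT_SIG_OFF = 0x1FE
PART_FMT = "<B3xB3xII"   # status, CHS(skipped), type, CHS(skipped), LBA start, sector count


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty entries of the four-slot partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba, size = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:            # type 0x00 = unused slot
            continue
        parts.append(Partition(status == 0x80, ptype, lba, size))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap region only; the partition table may legitimately change."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_boot_code_sha256: str) -> dict:
    """Compare an MBR image against a trusted bootstrap hash and sanity-check its structure."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append(f"unexpected MBR length {len(mbr)}")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_hash(mbr)
    if digest != baseline_boot_code_sha256:
        findings.append("bootstrap code differs from baseline")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    return {"boot_code_sha256": digest, "partitions": parts, "findings": findings}


def build_mbr(boot_code: bytes, partitions: list, disk_sig: int = 0x12345678) -> bytes:
    """Assemble a 512-byte MBR image; used only to construct test inputs here."""
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code[:BOOT_CODE_LEN]
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, p in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if p.bootable else 0x00, p.type_id, p.lba_start, p.sectors)
    buf[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(buf)


# Constructed inputs: a stand-in bootstrap stub, one bootable NTFS (0x07) partition,
# and a "bootkit" variant that swaps the bootstrap bytes but keeps the partition
# table intact so the machine still boots normally.
NTFS_PART = Partition(bootable=True, type_id=0x07, lba_start=2048, sectors=204800)
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8b\xf4\x50\x07\x50\x1f\xfb\xfc"
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [NTFS_PART])
BASELINE_SHA256 = boot_code_hash(CLEAN_MBR)        # constructed "known-good" value
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 30 + b"HOOKED", [NTFS_PART])


if __name__ == "__main__":
    # Usage: python mbr_check.py <raw_512_byte_image> <baseline_sha256>
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as fh:
            result = check_mbr(fh.read(MBR_SIZE), sys.argv[2])
    else:
        result = check_mbr(TAMPERED_MBR, BASELINE_SHA256)
    for p in result["partitions"]:
        print(f"partition type=0x{p.type_id:02x} lba={p.lba_start} sectors={p.sectors} active={p.bootable}")
    print("findings:", result["findings"] or "none")
```

The bootstrap region is hashed on its own because the partition table and disk signature change for legitimate reasons (resizing, imaging) while the boot code should only change when an OS installer or a disk utility rewrites it; take the baseline from the same machine after a known-clean build, and treat a mismatch as a reason to pull the full disk image rather than as proof on its own.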

MITRE ATT&CK Enterprise v6

Tasks