General

  • Target

    55c3fe8f8d9c74b3ec177ae34980b2b7a41699f8dda5c436d3da9299a3c4c4bf

  • Size

    192KB

  • Sample

    221004-cg7v8sgecq

  • MD5

    322c08af3d8a278f01ff9a3d9cb902c0

  • SHA1

    36737e27ba0a9cca01c3123f41fe8d214d3159ba

  • SHA256

    55c3fe8f8d9c74b3ec177ae34980b2b7a41699f8dda5c436d3da9299a3c4c4bf

  • SHA512

    e3e4653f3163247473c97c70ed42726ea0bd81b6013b51d05ab4422ee3a6f312be2cb3ea5d11d8e959ad178726062f063c1eb2e0f77998a936193f2e2785f0ad

  • SSDEEP

    3072:LbybpZknW34cWm6zOpUcv9fcGMfs0A6JlPlHJH3Q+OKthU0x:LCZknW34cWm6GfcGMbDWI2

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
