gh0strat | 298808f7df5602851da08e715d75c72d1b76140dec911fd71bbb12d9bdcb6cf8 | Triage

Submit
Reports

Overview

overview

Static

static

298808f7df...f8.exe

windows7-x64

298808f7df...f8.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

298808f7df5602851da08e715d75c72d1b76140dec911fd71bbb12d9bdcb6cf8
Size

272KB
Sample

221029-yxeqaadhfj
MD5

848dd40441584ba986c693a6817f7aab
SHA1

753277df9b2a5f40160f66c32bb1822edaadc4d0
SHA256

298808f7df5602851da08e715d75c72d1b76140dec911fd71bbb12d9bdcb6cf8
SHA512

5bb5b000b036696225916914f41cf903a8b977826717fdd2171884a0ae3e1f74d21e7965328b15c52d72917804878b83c3872a4f264c7d272cdca3306397d11f
SSDEEP

6144:t8geGnfgApfZL02vIMj0LuBTraoXnuUEF9Gi2wNf:OgeGnfgANOA9g8pX/in2w

Score

10^/10

gh0strat bootkit persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

298808f7df5602851da08e715d75c72d1b76140dec911fd71bbb12d9bdcb6cf8.exe

Resource

win7-20220901-en

gh0strat bootkit persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

298808f7df5602851da08e715d75c72d1b76140dec911fd71bbb12d9bdcb6cf8.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  298808f7df5602851da08e715d75c72d1b76140dec911fd71bbb12d9bdcb6cf8
- Size
  
  272KB
- MD5
  
  848dd40441584ba986c693a6817f7aab
- SHA1
  
  753277df9b2a5f40160f66c32bb1822edaadc4d0
- SHA256
  
  298808f7df5602851da08e715d75c72d1b76140dec911fd71bbb12d9bdcb6cf8
- SHA512
  
  5bb5b000b036696225916914f41cf903a8b977826717fdd2171884a0ae3e1f74d21e7965328b15c52d72917804878b83c3872a4f264c7d272cdca3306397d11f
- SSDEEP
  
  6144:t8geGnfgApfZL02vIMj0LuBTraoXnuUEF9Gi2wNf:OgeGnfgANOA9g8pX/in2w
Score

10^/10

gh0strat bootkit persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratbootkitpersistencerat

behavioral2

© 2018-2025

Terms | Privacy