gh0strat | 9f5c7e2bdaa4d43e455270ecefcaa34edc0c7c7388bdd345e3d4f4f4477e9d8c | Triage

Submit
Reports

Overview

overview

Static

static

9f5c7e2bda...8c.exe

windows7-x64

9f5c7e2bda...8c.exe

windows10-2004-x64

3

Sharing

General

Target

9f5c7e2bdaa4d43e455270ecefcaa34edc0c7c7388bdd345e3d4f4f4477e9d8c
Size

392KB
Sample

221203-2k34wsff7y
MD5

e5bc9ca9ea589d5aabd8325e8476d253
SHA1

c2fa8a3dbfeb72df437fe70dfb2e2d07429ff415
SHA256

9f5c7e2bdaa4d43e455270ecefcaa34edc0c7c7388bdd345e3d4f4f4477e9d8c
SHA512

dfc18b03177badb480e15eebc825e56b838a66161ecfe4988218f83dedb7cec47a2aea75c01aad29928e55d86d4d97acc28bd27b88db8f34a44df5ca89304a2d
SSDEEP

6144:GZbXGgeRu/HYMDUkR3GKvf8QLBBzAM+GuN8QpKP+fA:GZjGgeRu1DUIlLbzL+jk+fA

Score

10^/10

gh0strat bootkit persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

9f5c7e2bdaa4d43e455270ecefcaa34edc0c7c7388bdd345e3d4f4f4477e9d8c.exe

Resource

win7-20220812-en

gh0strat bootkit persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f5c7e2bdaa4d43e455270ecefcaa34edc0c7c7388bdd345e3d4f4f4477e9d8c.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  9f5c7e2bdaa4d43e455270ecefcaa34edc0c7c7388bdd345e3d4f4f4477e9d8c
- Size
  
  392KB
- MD5
  
  e5bc9ca9ea589d5aabd8325e8476d253
- SHA1
  
  c2fa8a3dbfeb72df437fe70dfb2e2d07429ff415
- SHA256
  
  9f5c7e2bdaa4d43e455270ecefcaa34edc0c7c7388bdd345e3d4f4f4477e9d8c
- SHA512
  
  dfc18b03177badb480e15eebc825e56b838a66161ecfe4988218f83dedb7cec47a2aea75c01aad29928e55d86d4d97acc28bd27b88db8f34a44df5ca89304a2d
- SSDEEP
  
  6144:GZbXGgeRu/HYMDUkR3GKvf8QLBBzAM+GuN8QpKP+fA:GZjGgeRu1DUIlLbzL+jk+fA
Score

10^/10

gh0strat bootkit persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratbootkitpersistencerat

behavioral2

© 2018-2025

Terms | Privacy