gh0strat | f87ac42c85373d3fe2f27a981b45f80d2e6c1551eace644cde5de77313045e68 | Triage

Submit
Reports

Overview

overview

Static

static

f87ac42c85...68.exe

windows7-x64

f87ac42c85...68.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

Target

f87ac42c85373d3fe2f27a981b45f80d2e6c1551eace644cde5de77313045e68
Size

432KB
Sample

221206-v89s1scd7v
MD5

f6826fe12e7d23a4d1a31b66ece3034a
SHA1

965e12060ebc31ead1618d629884f46918ec09a9
SHA256

f87ac42c85373d3fe2f27a981b45f80d2e6c1551eace644cde5de77313045e68
SHA512

0be8d783281bf781857db69a360f774c391a0196a9d73a6544ba37b1d29909cd5ec92023e964da39956954e5fcc1ef500db8b9e510a73a28efff6c5e0fc24a5c
SSDEEP

6144:kbB5jfgexjptZL02vIMoIcGRU0MQmEMRxlroXnuUEF9GCpiQdw9A50q:kbB5jfgexjrOA9NRPmxwX/itFJ

Score

10^/10

gh0strat bootkit persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

f87ac42c85373d3fe2f27a981b45f80d2e6c1551eace644cde5de77313045e68.exe

Resource

win7-20220812-en

gh0strat bootkit persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f87ac42c85373d3fe2f27a981b45f80d2e6c1551eace644cde5de77313045e68.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  f87ac42c85373d3fe2f27a981b45f80d2e6c1551eace644cde5de77313045e68
- Size
  
  432KB
- MD5
  
  f6826fe12e7d23a4d1a31b66ece3034a
- SHA1
  
  965e12060ebc31ead1618d629884f46918ec09a9
- SHA256
  
  f87ac42c85373d3fe2f27a981b45f80d2e6c1551eace644cde5de77313045e68
- SHA512
  
  0be8d783281bf781857db69a360f774c391a0196a9d73a6544ba37b1d29909cd5ec92023e964da39956954e5fcc1ef500db8b9e510a73a28efff6c5e0fc24a5c
- SSDEEP
  
  6144:kbB5jfgexjptZL02vIMoIcGRU0MQmEMRxlroXnuUEF9GCpiQdw9A50q:kbB5jfgexjrOA9NRPmxwX/itFJ
Score

10^/10

gh0strat bootkit persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratbootkitpersistencerat

behavioral2

© 2018-2025

Terms | Privacy