gh0strat | f335f6c735b0dd21157a4be8d0ac6f32450215e4e4939e81fbb624ae8619054d | Triage

Submit
Reports

Overview

overview

Static

static

f335f6c735...4d.exe

windows7-x64

f335f6c735...4d.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

Target

f335f6c735b0dd21157a4be8d0ac6f32450215e4e4939e81fbb624ae8619054d
Size

543KB
Sample

221206-v9bmlscd7x
MD5

e62ae0bb541c8b64b56e49e6d9759394
SHA1

2c47b161c8b6aca5778da8e79fd56222a3be25ee
SHA256

f335f6c735b0dd21157a4be8d0ac6f32450215e4e4939e81fbb624ae8619054d
SHA512

c6cc59ad4b4ee2c17d4936f6898c97a00136b16ddf79635c7755136c99d64dde10383c93dfe0ba2b23b15e99368b06f31d6c2478ad9ede86eddee171f1d34d91
SSDEEP

6144:kbB5jfgexjptZL02vIMoIcGRU0MQmEMRxlroXnuUEF9GCpiQdntL:kbB5jfgexjrOA9NRPmxwX/itFJ

Score

10^/10

gh0strat bootkit persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

f335f6c735b0dd21157a4be8d0ac6f32450215e4e4939e81fbb624ae8619054d.exe

Resource

win7-20220812-en

gh0strat bootkit persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f335f6c735b0dd21157a4be8d0ac6f32450215e4e4939e81fbb624ae8619054d.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  f335f6c735b0dd21157a4be8d0ac6f32450215e4e4939e81fbb624ae8619054d
- Size
  
  543KB
- MD5
  
  e62ae0bb541c8b64b56e49e6d9759394
- SHA1
  
  2c47b161c8b6aca5778da8e79fd56222a3be25ee
- SHA256
  
  f335f6c735b0dd21157a4be8d0ac6f32450215e4e4939e81fbb624ae8619054d
- SHA512
  
  c6cc59ad4b4ee2c17d4936f6898c97a00136b16ddf79635c7755136c99d64dde10383c93dfe0ba2b23b15e99368b06f31d6c2478ad9ede86eddee171f1d34d91
- SSDEEP
  
  6144:kbB5jfgexjptZL02vIMoIcGRU0MQmEMRxlroXnuUEF9GCpiQdntL:kbB5jfgexjrOA9NRPmxwX/itFJ
Score

10^/10

gh0strat bootkit persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratbootkitpersistencerat

behavioral2

© 2018-2025

Terms | Privacy