gh0strat | db08e8e975a26558319d0004e3f0fb987ba52fa67c36b43619ed8efd71f51675 | Triage

Submit
Reports

Overview

overview

Static

static

3

fdb9c80a0d...18.exe

windows7-x64

fdb9c80a0d...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

Target

fdb9c80a0da3937f08a5ab87e9d6a368_JaffaCakes118
Size

264KB
Sample

240420-1p73zabd8w
MD5

fdb9c80a0da3937f08a5ab87e9d6a368
SHA1

42ea86c4f9f7b284bc6b91cbd217ec0898b7b5f9
SHA256

db08e8e975a26558319d0004e3f0fb987ba52fa67c36b43619ed8efd71f51675
SHA512

68fc4ebdd96986eb0a1b2f0a87ddb969290a65cb34605bc9c6328fb3f9a4127ff6be723f1fd055f66db42aa3cb48cd28a619d56f316ff12a922eb4d06d4da17c
SSDEEP

6144:0aEqaPougeuaRJ1ZL02vIMbZsXCv0vKvf8QLBBzAM+GuN8ZpQP:0I+geuaVOA9oCv0ClLbzL+GI

Score

10^/10

gh0strat bootkit persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fdb9c80a0da3937f08a5ab87e9d6a368_JaffaCakes118.exe

Resource

win7-20240220-en

gh0strat bootkit persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fdb9c80a0da3937f08a5ab87e9d6a368_JaffaCakes118.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  fdb9c80a0da3937f08a5ab87e9d6a368_JaffaCakes118
- Size
  
  264KB
- MD5
  
  fdb9c80a0da3937f08a5ab87e9d6a368
- SHA1
  
  42ea86c4f9f7b284bc6b91cbd217ec0898b7b5f9
- SHA256
  
  db08e8e975a26558319d0004e3f0fb987ba52fa67c36b43619ed8efd71f51675
- SHA512
  
  68fc4ebdd96986eb0a1b2f0a87ddb969290a65cb34605bc9c6328fb3f9a4127ff6be723f1fd055f66db42aa3cb48cd28a619d56f316ff12a922eb4d06d4da17c
- SSDEEP
  
  6144:0aEqaPougeuaRJ1ZL02vIMbZsXCv0vKvf8QLBBzAM+GuN8ZpQP:0I+geuaVOA9oCv0ClLbzL+GI
Score

10^/10

gh0strat bootkit persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratbootkitpersistencerat

behavioral2

© 2018-2025

Terms | Privacy