Overview

overview

8

Static

static

c148ef2b74...le.dll

windows7_x64

8

c148ef2b74...le.dll

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c148ef2b7490fa7c5e4d346bf8c7ef97739b5b869938c5c9ba4b7d265966b9b7.sample

  • Size

    348KB

  • Sample

    210726-49ng3ew1rs

  • MD5

    545b25ce5c6c814af5cdef862909b7f7

  • SHA1

    d8648d6a28f5b7dbb1890101ee210e3eb3945ccf

  • SHA256

    c148ef2b7490fa7c5e4d346bf8c7ef97739b5b869938c5c9ba4b7d265966b9b7

  • SHA512

    bfe8aab424e063ec23ce114e7cf73bcf0bb7aaa78ef0ab3a5b6438c363739d19512b4207f5b3dc3c922a1fac807872760ccce0cab5cadefce1d8d7b739246d1a

Score
8/10
bootkitpersistencespywarestealer

Malware Config

Targets

    • Target

      c148ef2b7490fa7c5e4d346bf8c7ef97739b5b869938c5c9ba4b7d265966b9b7.sample

    • Size

      348KB

    • MD5

      545b25ce5c6c814af5cdef862909b7f7

    • SHA1

      d8648d6a28f5b7dbb1890101ee210e3eb3945ccf

    • SHA256

      c148ef2b7490fa7c5e4d346bf8c7ef97739b5b869938c5c9ba4b7d265966b9b7

    • SHA512

      bfe8aab424e063ec23ce114e7cf73bcf0bb7aaa78ef0ab3a5b6438c363739d19512b4207f5b3dc3c922a1fac807872760ccce0cab5cadefce1d8d7b739246d1a

    Score
    8/10
    bootkitpersistencespywarestealer

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Bootkit

1
T1067

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks