Overview

overview

8

Static

static

8

4fdff06f5d...a9.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4fdff06f5d722f23b63ea3a962a2024ab708c4f8d7b215224c43de2eb87ad3a9.exe

  • Size

    641KB

  • Sample

    211207-fgqthaagh4

  • MD5

    d4a38bbb599347a38abe51708ebc1fb4

  • SHA1

    82837e477be35081dc9c4552ed1c4019c2ebc3eb

  • SHA256

    4fdff06f5d722f23b63ea3a962a2024ab708c4f8d7b215224c43de2eb87ad3a9

  • SHA512

    abf59d2461ff774bd0892cbc542c039790cb70540702fa0672238fbfedd4c370398c33040a07b450a4eaee638248a456c50945ca2a62443d4bc7adf04121e3d3

Score
8/10
bootkitpersistencespywarestealerupx

Malware Config

Targets

    • Target

      4fdff06f5d722f23b63ea3a962a2024ab708c4f8d7b215224c43de2eb87ad3a9.exe

    • Size

      641KB

    • MD5

      d4a38bbb599347a38abe51708ebc1fb4

    • SHA1

      82837e477be35081dc9c4552ed1c4019c2ebc3eb

    • SHA256

      4fdff06f5d722f23b63ea3a962a2024ab708c4f8d7b215224c43de2eb87ad3a9

    • SHA512

      abf59d2461ff774bd0892cbc542c039790cb70540702fa0672238fbfedd4c370398c33040a07b450a4eaee638248a456c50945ca2a62443d4bc7adf04121e3d3

    Score
    7/10
    bootkitpersistencespywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks