https://boosterx.ru

Target

https://boosterx.ru

Sample

220521-sgtxdadagp

Score

10 ^/10

evasion persistence ransomware spyware stealer trojan

Target

https://boosterx.ru

Score

10^/10

Tags

evasion persistence ransomware spyware stealer trojan

Signatures

Modifies Windows Defender Real-time Protection settings
Tags

evasion trojan

TTPs

Modify RegistryModify Existing ServiceDisabling Security Tools
Modifies firewall policy service
Tags

evasion

TTPs

Modify RegistryModify Existing Service
Modifies security service
Tags

evasion

TTPs

Modify RegistryModify Existing Service
Suspicious use of NtCreateUserProcessOtherParentProcess
UAC bypass
Tags

evasion trojan

TTPs

Bypass User Account ControlDisabling Security ToolsModify Registry
Modifies boot configuration data using bcdedit
Tags

ransomware evasion

TTPs

Inhibit System Recovery
Modifies Installed Components in the registry
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Enumerates connected drives
Description

Attempts to read the root path of hard drives other than the default C: drive.
TTPs

Query RegistryPeripheral Device DiscoverySystem Information Discovery
Legitimate hosting services abused for malware hosting/C2
TTPs

Web Service
Looks up external IP address via web service
Description

Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory

Related Tasks

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Inhibit System Recovery

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Bypass User Account Control

static1

urlscan1

1^/10

behavioral1

evasion persistence ransomware spyware stealer trojan

10^/10