General

  • Target: 1cdd71f3fe9aa641d53864265aa950562b9290b3f143b2e52a03d2011b348fa4.7z
  • Size: 576KB
  • Sample: 220523-m9qsjadad2
  • MD5: 72d8992da8d08e1a57394c3c3c603391
  • SHA1: 1e7c538ef5c857b6aab6863bb17e6e6c83abb326
  • SHA256: b9ea1653a7e9d79069a21724bf3757e9cecda39dd0fe0a4590721378b7529f8d
  • SHA512: 69834a782d5fad9a387c72b8a30ab2c62885bb36f38e83996134a6b61610cda59bead23ee7037f131f9261ea8a3206f3abbaba3c561453d52c87e1a8af0a04c8

Malware Config

Targets

    • Target: 1cdd71f3fe9aa641d53864265aa950562b9290b3f143b2e52a03d2011b348fa4
    • Size: 1.5MB
    • MD5: 796c596185e63803a4ec4003aa60f425
    • SHA1: 00b8ab317c792349e802d9f186dd6bea7911eca4
    • SHA256: 1cdd71f3fe9aa641d53864265aa950562b9290b3f143b2e52a03d2011b348fa4
    • SHA512: 47244b18e7b2f9292ecf356ae2cc037a3befd0f9ad2b5a8679306348b3d060f49fd8619d1d8021d8d80f077fc3ca68687c5d6979c434c4a0e6718962e9ca5ba9

    Signatures

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic              Technique                      Count  ID
Persistence         Bootkit                        1      T1067
Defense Evasion     Modify Registry                2      T1112
Defense Evasion     Install Root Certificate       1      T1130
Credential Access   Credentials in Files           1      T1081
Discovery           System Information Discovery   2      T1082
Discovery           Query Registry                 1      T1012
Discovery           Peripheral Device Discovery    1      T1120
Collection          Data from Local System         1      T1005

Tasks