049004d780345a7dfa640b2aa33039ddbd65cf17695382612da863f891155906 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

049004d780...06.exe

windows7_x64

8

049004d780...06.exe

windows10-2004_x64

8

Sharing

General

Target

049004d780345a7dfa640b2aa33039ddbd65cf17695382612da863f891155906
Size

12.1MB
Sample

220524-vbpftaaad7
MD5

0d7f3f3e6bee00211f27a83c89450e4c
SHA1

e06b293da697a265f96943db01a3793f1b28c4ba
SHA256

049004d780345a7dfa640b2aa33039ddbd65cf17695382612da863f891155906
SHA512

d7721a5fa0e3680562f07ffb290a6586c356c531efb12262a534880bd408dd59d9ccb072cf7d1acfa6cde6716e85fb47b224353bd6ba6834db3f1873ff5fc60d

Score

8^/10

bootkit discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

049004d780345a7dfa640b2aa33039ddbd65cf17695382612da863f891155906.exe

Resource

win7-20220414-en

bootkit discovery persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

049004d780345a7dfa640b2aa33039ddbd65cf17695382612da863f891155906.exe

Resource

win10v2004-20220414-en

bootkit discovery persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  049004d780345a7dfa640b2aa33039ddbd65cf17695382612da863f891155906
- Size
  
  12.1MB
- MD5
  
  0d7f3f3e6bee00211f27a83c89450e4c
- SHA1
  
  e06b293da697a265f96943db01a3793f1b28c4ba
- SHA256
  
  049004d780345a7dfa640b2aa33039ddbd65cf17695382612da863f891155906
- SHA512
  
  d7721a5fa0e3680562f07ffb290a6586c356c531efb12262a534880bd408dd59d9ccb072cf7d1acfa6cde6716e85fb47b224353bd6ba6834db3f1873ff5fc60d
Score

8^/10

bootkit discovery persistence spyware stealer
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencespywarestealer

behavioral2

bootkitdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy