071ef87936e73e6c0a8d468268d0875cfa0182466e8bd605baf53333f518aa7e | Triage

Submit
Reports

Overview

overview

9

Static

static

071ef87936...7e.exe

windows7_x64

8

071ef87936...7e.exe

windows10-2004_x64

9

Sharing

General

Target

071ef87936e73e6c0a8d468268d0875cfa0182466e8bd605baf53333f518aa7e
Size

2.6MB
Sample

220525-ajxryacga9
MD5

a62d6ff65295dd8e3123cc949782493a
SHA1

dc4248fad98f03f2005fe8020bb4d2e28db1acf1
SHA256

071ef87936e73e6c0a8d468268d0875cfa0182466e8bd605baf53333f518aa7e
SHA512

08c27dd12b87c1952ee1b9ffe9e44317aa057214e52ece4aed77b13460b3e6974c3c143a4c8c2da569acdfadddbfac9f6447e09a2f9d1fd4f31c300acc4f72c4

Score

9^/10

bootkit discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

071ef87936e73e6c0a8d468268d0875cfa0182466e8bd605baf53333f518aa7e.exe

Resource

win7-20220414-en

bootkit discovery persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

071ef87936e73e6c0a8d468268d0875cfa0182466e8bd605baf53333f518aa7e.exe

Resource

win10v2004-20220414-en

bootkit discovery persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  071ef87936e73e6c0a8d468268d0875cfa0182466e8bd605baf53333f518aa7e
- Size
  
  2.6MB
- MD5
  
  a62d6ff65295dd8e3123cc949782493a
- SHA1
  
  dc4248fad98f03f2005fe8020bb4d2e28db1acf1
- SHA256
  
  071ef87936e73e6c0a8d468268d0875cfa0182466e8bd605baf53333f518aa7e
- SHA512
  
  08c27dd12b87c1952ee1b9ffe9e44317aa057214e52ece4aed77b13460b3e6974c3c143a4c8c2da569acdfadddbfac9f6447e09a2f9d1fd4f31c300acc4f72c4
Score

9^/10

bootkit discovery persistence spyware stealer
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencespywarestealer

behavioral2

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy