cb5e4b8060b5b4498b77ceb7211634398439828e07de359ee670c6357df2cf5e | Triage

Sharing

General

Target

cb5e4b8060b5b4498b77ceb7211634398439828e07de359ee670c6357df2cf5e
Size

580KB
Sample

220919-ekae9afbf2
MD5

c9a17796e814fceb15373265c50da812
SHA1

690f31847c732a6534e8179071a37f750d0f0e69
SHA256

cb5e4b8060b5b4498b77ceb7211634398439828e07de359ee670c6357df2cf5e
SHA512

05351862a76337a6eb308053fe6f1679bc9d5c8017983cbe771489271f5e19dcf6a259785f7f93e7a79c0fded543ecab2e69bc829e234aa029eb97ac0478f716
SSDEEP

12288:qJupwI3iV2ENXh2mqBMi/n+usQe2dG1p0CCbbQrLY8MkK2W6tt:qPI3Q2yh273v+seqG1p07H8Mkfzt

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  cb5e4b8060b5b4498b77ceb7211634398439828e07de359ee670c6357df2cf5e
- Size
  
  580KB
- MD5
  
  c9a17796e814fceb15373265c50da812
- SHA1
  
  690f31847c732a6534e8179071a37f750d0f0e69
- SHA256
  
  cb5e4b8060b5b4498b77ceb7211634398439828e07de359ee670c6357df2cf5e
- SHA512
  
  05351862a76337a6eb308053fe6f1679bc9d5c8017983cbe771489271f5e19dcf6a259785f7f93e7a79c0fded543ecab2e69bc829e234aa029eb97ac0478f716
- SSDEEP
  
  12288:qJupwI3iV2ENXh2mqBMi/n+usQe2dG1p0CCbbQrLY8MkK2W6tt:qPI3Q2yh273v+seqG1p07H8Mkfzt
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer