28b148e90be48ae162abff11a5d265e702b7c64e7bd0e4fb768f1def8f56fb82 | Triage

Sharing

General

Target

28b148e90be48ae162abff11a5d265e702b7c64e7bd0e4fb768f1def8f56fb82
Size

508KB
Sample

220919-ekjzpafbf8
MD5

66abc5e5231c4ec51fb75c492e88ace3
SHA1

8587a5414c1448497a93a807ab67a9e85dc0ba47
SHA256

28b148e90be48ae162abff11a5d265e702b7c64e7bd0e4fb768f1def8f56fb82
SHA512

9cd635943d38e37e886c58fc982c5c62e4d691912ef9837d1c0435b24b164c3911fac90e2dcb4a2d8eb416fe36dfa93db53d4b85016dd560b6510709163432aa
SSDEEP

12288:o09PO3yf8V4K4QkyY+EhYJ7SqAOhnt+AJ2Fo+LBYRN+gKQfodWslNIDZY:o4O3m834u4hu7SqAOhIAklYz+gxsWsl3

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  28b148e90be48ae162abff11a5d265e702b7c64e7bd0e4fb768f1def8f56fb82
- Size
  
  508KB
- MD5
  
  66abc5e5231c4ec51fb75c492e88ace3
- SHA1
  
  8587a5414c1448497a93a807ab67a9e85dc0ba47
- SHA256
  
  28b148e90be48ae162abff11a5d265e702b7c64e7bd0e4fb768f1def8f56fb82
- SHA512
  
  9cd635943d38e37e886c58fc982c5c62e4d691912ef9837d1c0435b24b164c3911fac90e2dcb4a2d8eb416fe36dfa93db53d4b85016dd560b6510709163432aa
- SSDEEP
  
  12288:o09PO3yf8V4K4QkyY+EhYJ7SqAOhnt+AJ2Fo+LBYRN+gKQfodWslNIDZY:o4O3m834u4hu7SqAOhIAklYz+gxsWsl3
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer