abe5f67ea2f5d5ec3f34d9a5b79478a8d208fff60730cfc27d4d0789129f4c6c | Triage

Sharing

General

Target

abe5f67ea2f5d5ec3f34d9a5b79478a8d208fff60730cfc27d4d0789129f4c6c
Size

624KB
Sample

221002-1x8pgaeafr
MD5

6fe0cf212a37e4e1c85b230662f2d39e
SHA1

b014530384159521949e8245597a0c90a36b0a4a
SHA256

abe5f67ea2f5d5ec3f34d9a5b79478a8d208fff60730cfc27d4d0789129f4c6c
SHA512

26f03bcb2079370a3d9d4866bd7f8bc1eb995dbff1c91a238f56d22c594010101ab6aabe35777972a975e0c1b9c42ad3a4ad56dfd4fcd091c9004a1a28f8318b
SSDEEP

12288:R9YRw4DJLnJPM+moa2oeAF9T7HH3EXlvd8jVgBG4pB3rHRjev6VE:R9H4DxnFtmKoe2dH0lSjIrHS

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  abe5f67ea2f5d5ec3f34d9a5b79478a8d208fff60730cfc27d4d0789129f4c6c
- Size
  
  624KB
- MD5
  
  6fe0cf212a37e4e1c85b230662f2d39e
- SHA1
  
  b014530384159521949e8245597a0c90a36b0a4a
- SHA256
  
  abe5f67ea2f5d5ec3f34d9a5b79478a8d208fff60730cfc27d4d0789129f4c6c
- SHA512
  
  26f03bcb2079370a3d9d4866bd7f8bc1eb995dbff1c91a238f56d22c594010101ab6aabe35777972a975e0c1b9c42ad3a4ad56dfd4fcd091c9004a1a28f8318b
- SSDEEP
  
  12288:R9YRw4DJLnJPM+moa2oeAF9T7HH3EXlvd8jVgBG4pB3rHRjev6VE:R9H4DxnFtmKoe2dH0lSjIrHS
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer