1243febff9e3a46e2e63c486795a8c7b40f5fc00c3d8f091355b5bacaae1a9e9 | Triage

Sharing

General

Target

1243febff9e3a46e2e63c486795a8c7b40f5fc00c3d8f091355b5bacaae1a9e9
Size

350KB
Sample

221003-nmxs1adgg2
MD5

6d1f706fe3c6351f6ef675b3184060f2
SHA1

eca6ee447bbe4cfcb6369796a35836a9e3ce453f
SHA256

1243febff9e3a46e2e63c486795a8c7b40f5fc00c3d8f091355b5bacaae1a9e9
SHA512

074d88a3dfd543ccdf3a3206d067d0ad9088ae2728a64b2257e08ccdd6128c98523899656eb89c44bed973dc0c63de5501ac843d3bd74c25819be77bbec461fb
SSDEEP

6144:es/g2TAPhNPGOWUWqvt7+eEWRGj5m4JMAXk9Q/Q1bpOxyJBUrZrXlm:egTeh5GrUWqvDY5wAXMQubpOOIXlm

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  1243febff9e3a46e2e63c486795a8c7b40f5fc00c3d8f091355b5bacaae1a9e9
- Size
  
  350KB
- MD5
  
  6d1f706fe3c6351f6ef675b3184060f2
- SHA1
  
  eca6ee447bbe4cfcb6369796a35836a9e3ce453f
- SHA256
  
  1243febff9e3a46e2e63c486795a8c7b40f5fc00c3d8f091355b5bacaae1a9e9
- SHA512
  
  074d88a3dfd543ccdf3a3206d067d0ad9088ae2728a64b2257e08ccdd6128c98523899656eb89c44bed973dc0c63de5501ac843d3bd74c25819be77bbec461fb
- SSDEEP
  
  6144:es/g2TAPhNPGOWUWqvt7+eEWRGj5m4JMAXk9Q/Q1bpOxyJBUrZrXlm:egTeh5GrUWqvDY5wAXMQubpOOIXlm
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer