d3e1e7949bb4c00ad8ae04767b56f4e775bf5e20bf389da9bcd546bd78068ec9 | Triage

Sharing

General

Target

d3e1e7949bb4c00ad8ae04767b56f4e775bf5e20bf389da9bcd546bd78068ec9
Size

47KB
Sample

221003-parlwsegg7
MD5

689327aa91485bd9ddadeec1c23f1736
SHA1

ac8bfb732db8413457a3c2eda254edb0284b8cc3
SHA256

d3e1e7949bb4c00ad8ae04767b56f4e775bf5e20bf389da9bcd546bd78068ec9
SHA512

4bc0044ebb089dd59ca7c852469b0a2674cad39047509b26dbc5e903179cf0625f0e11c619727275e6c18e09898700abecf5c1938a246fd9d7f25888547c6c32
SSDEEP

768:Abk2joru2vOmjzb0wv94Go8krqiO/xjN2QVDzFVYX2KzgmG9ZE:AbbG0weLrqH/W4FVYX2Kzgmp

Score

10^/10

bootkit persistence spyware stealer

Malware Config

Targets

- Target
  
  d3e1e7949bb4c00ad8ae04767b56f4e775bf5e20bf389da9bcd546bd78068ec9
- Size
  
  47KB
- MD5
  
  689327aa91485bd9ddadeec1c23f1736
- SHA1
  
  ac8bfb732db8413457a3c2eda254edb0284b8cc3
- SHA256
  
  d3e1e7949bb4c00ad8ae04767b56f4e775bf5e20bf389da9bcd546bd78068ec9
- SHA512
  
  4bc0044ebb089dd59ca7c852469b0a2674cad39047509b26dbc5e903179cf0625f0e11c619727275e6c18e09898700abecf5c1938a246fd9d7f25888547c6c32
- SSDEEP
  
  768:Abk2joru2vOmjzb0wv94Go8krqiO/xjN2QVDzFVYX2KzgmG9ZE:AbbG0weLrqH/W4FVYX2Kzgmp
Score

10^/10

bootkit persistence spyware stealer
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistencespywarestealer

behavioral2