General

  • Target

    cf3e3a9b003e109efbbbeddcd85fb692354d90d1c10673976fd8d5406cc70144

  • Size

    70KB

  • Sample

    221029-qrgcxshah6

  • MD5

    0a17f1947f34d487a1340e70d71f8c4b

  • SHA1

    cc4726d9bb28cf28d661aeae9e6b50de0417c83c

  • SHA256

    cf3e3a9b003e109efbbbeddcd85fb692354d90d1c10673976fd8d5406cc70144

  • SHA512

    61da36e6eb7381d512a5e19f677041f2fc6d74e6c9dcabc52b3ad8c7965266f0e0fbc89e549765b26f1929ae72a13f2d76ab3801bd89f922e4b8a07c13f15caa

  • SSDEEP

    1536:G5KMGwMPrZ3SNmLQLhz/sgoouGS/f/JaAg9uXvWSAoh9:G6DVSNmEzUpBpo9ob9

Malware Config

Targets

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks