16632a2fd7a1bf63ed300a174583805ec4ff12fc456c6a04c29cf2598d26b92c | Triage

Sharing

General

Target

16632a2fd7a1bf63ed300a174583805ec4ff12fc456c6a04c29cf2598d26b92c
Size

344KB
Sample

221106-q16n6sdhe9
MD5

0db4ed67bcc34a936d96ced6aa38147d
SHA1

87ac6f101b0873d025c568c1593634e81a2db55d
SHA256

16632a2fd7a1bf63ed300a174583805ec4ff12fc456c6a04c29cf2598d26b92c
SHA512

b93aa8db60e5dd5416ff645b9d81487c04d1515220b2806af8ad6ffd9609b656c09a91ee114442e883c2ce87446d0f282272270fb337c8eb7ac692131cd30c30
SSDEEP

6144:9s/g2VN8o0hClXKqbF12LPSzGhOyJZYc67i2CpSIw3SZl26v:9goo0hChbF1GaGhO8167i2tIYS33

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  16632a2fd7a1bf63ed300a174583805ec4ff12fc456c6a04c29cf2598d26b92c
- Size
  
  344KB
- MD5
  
  0db4ed67bcc34a936d96ced6aa38147d
- SHA1
  
  87ac6f101b0873d025c568c1593634e81a2db55d
- SHA256
  
  16632a2fd7a1bf63ed300a174583805ec4ff12fc456c6a04c29cf2598d26b92c
- SHA512
  
  b93aa8db60e5dd5416ff645b9d81487c04d1515220b2806af8ad6ffd9609b656c09a91ee114442e883c2ce87446d0f282272270fb337c8eb7ac692131cd30c30
- SSDEEP
  
  6144:9s/g2VN8o0hClXKqbF12LPSzGhOyJZYc67i2CpSIw3SZl26v:9goo0hChbF1GaGhO8167i2tIYS33
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer