f23d97561f527b0716c7336612f8c0bbe8a2329190de80432d2c664ba63c0d14 | Triage

Sharing

General

Target

f23d97561f527b0716c7336612f8c0bbe8a2329190de80432d2c664ba63c0d14
Size

408KB
Sample

221123-mm661aee48
MD5

040bd33462681ad3ce089da8595aec23
SHA1

c2a63a19777d096f9fcd9bb6840af713ccec6ab6
SHA256

f23d97561f527b0716c7336612f8c0bbe8a2329190de80432d2c664ba63c0d14
SHA512

3a80e49abb90ebac80a7c625eebf5ce4da14064b21bcbca6c9545af3a741caff2708f9e9f9db1e6631e67b0148239692a4d764422c2297f2358918d7919df3b8
SSDEEP

6144:1qvfKnho9Q6qrBWaN9z1Y85ptVHXv60CVfBj9OlJD85Wecro49tW2tjVjYlSC:1qvfKho2J1MMVtcfBAXDDRXVj

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  f23d97561f527b0716c7336612f8c0bbe8a2329190de80432d2c664ba63c0d14
- Size
  
  408KB
- MD5
  
  040bd33462681ad3ce089da8595aec23
- SHA1
  
  c2a63a19777d096f9fcd9bb6840af713ccec6ab6
- SHA256
  
  f23d97561f527b0716c7336612f8c0bbe8a2329190de80432d2c664ba63c0d14
- SHA512
  
  3a80e49abb90ebac80a7c625eebf5ce4da14064b21bcbca6c9545af3a741caff2708f9e9f9db1e6631e67b0148239692a4d764422c2297f2358918d7919df3b8
- SSDEEP
  
  6144:1qvfKnho9Q6qrBWaN9z1Y85ptVHXv60CVfBj9OlJD85Wecro49tW2tjVjYlSC:1qvfKho2J1MMVtcfBAXDDRXVj
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer