a40fbcb650ae7c437727877e9720d95d38274477aa7f655118513b9f6fef136a | Triage

Sharing

General

Target

a40fbcb650ae7c437727877e9720d95d38274477aa7f655118513b9f6fef136a
Size

492KB
Sample

221203-g1vr8sbe39
MD5

3e03a6828eeeefd4c3ffb3f8cc863663
SHA1

9e6972a5c89121072a6f384ede65e25f454db48d
SHA256

a40fbcb650ae7c437727877e9720d95d38274477aa7f655118513b9f6fef136a
SHA512

7161251697ea97f0a09010f7b101d2e7ad342db7d934c9aa673714b9c96bdf5344d41ed6bcf93b909d5d209b49a987b12533670f80ea45930d141289d3d34d5a
SSDEEP

12288:PfpgK3nBk1ZxWyPvj36tXm4zBjcyz9V7Sl2aLL6s6OO:P2K3Bk9WyDqXzBjcyV7oKOO

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  a40fbcb650ae7c437727877e9720d95d38274477aa7f655118513b9f6fef136a
- Size
  
  492KB
- MD5
  
  3e03a6828eeeefd4c3ffb3f8cc863663
- SHA1
  
  9e6972a5c89121072a6f384ede65e25f454db48d
- SHA256
  
  a40fbcb650ae7c437727877e9720d95d38274477aa7f655118513b9f6fef136a
- SHA512
  
  7161251697ea97f0a09010f7b101d2e7ad342db7d934c9aa673714b9c96bdf5344d41ed6bcf93b909d5d209b49a987b12533670f80ea45930d141289d3d34d5a
- SSDEEP
  
  12288:PfpgK3nBk1ZxWyPvj36tXm4zBjcyz9V7Sl2aLL6s6OO:P2K3Bk9WyDqXzBjcyV7oKOO
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer