Overview

overview

8

Static

static

754a376eb9...c8.exe

windows7-x64

8

754a376eb9...c8.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    754a376eb99bdd9016f57c6edb7493a18b12bb0f381890a882d33888003a38c8

  • Size

    492KB

  • Sample

    221203-g1w1asbe42

  • MD5

    c1a9b27e23a125cc009a1cfa32df240d

  • SHA1

    6b41d7fbcb3378846f9e6ae381fd30c00255f891

  • SHA256

    754a376eb99bdd9016f57c6edb7493a18b12bb0f381890a882d33888003a38c8

  • SHA512

    c58819845a35062108b6fab8c5ed45acbd13db1ae0a5986d1713a99523fdd0d2ef99680b78ae30dc0e1bae31ad8a5bcc7997968b63ad191d254cb9830a1bd31c

  • SSDEEP

    12288:521aaxNqlL4jz63Q5eeJEw0EdD2PiBroUgIrU:5Oqlcjl51aE8PiBsjq

Score
8/10
adwarebootkitpersistencestealer

Malware Config

Targets

    • Target

      754a376eb99bdd9016f57c6edb7493a18b12bb0f381890a882d33888003a38c8

    • Size

      492KB

    • MD5

      c1a9b27e23a125cc009a1cfa32df240d

    • SHA1

      6b41d7fbcb3378846f9e6ae381fd30c00255f891

    • SHA256

      754a376eb99bdd9016f57c6edb7493a18b12bb0f381890a882d33888003a38c8

    • SHA512

      c58819845a35062108b6fab8c5ed45acbd13db1ae0a5986d1713a99523fdd0d2ef99680b78ae30dc0e1bae31ad8a5bcc7997968b63ad191d254cb9830a1bd31c

    • SSDEEP

      12288:521aaxNqlL4jz63Q5eeJEw0EdD2PiBroUgIrU:5Oqlcjl51aE8PiBsjq

    Score
    8/10
    adwarebootkitpersistencestealer

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Browser Extensions

1
T1176

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks