General

  • Target

    b01288d58620702beae542e6ff9ab79777e9eb03b7b6780821ad1c765cb333fc

  • Size

    436KB

  • Sample

    221205-ks5h9aha4t

  • MD5

    6562d88856681e5e53c073f394e86da9

  • SHA1

    d8b286bc2cbd0533e8a3f949d89fe51dc59237fe

  • SHA256

    b01288d58620702beae542e6ff9ab79777e9eb03b7b6780821ad1c765cb333fc

  • SHA512

    f5eb75a02e7f2ae7cb044852f883c118b6af65ab09734ca2a97ef2ad275c659c03110d362ec33c0c774e7b695fb2a372050ce85bd4ca9f8ce9bfd1162e96d7f7

  • SSDEEP

    12288:anc1wV3MIRTBOUg+LFYWSfWknbX22HZxDjpW2tS49:a2k3pR08LF4Fnbh5xrS

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks