57b3e605df071f933ca53b5e7ce313817a2da9eec938cb1e9d05a7615fbaa8ff | Triage

Submit
Reports

Overview

overview

Static

static

57b3e605df...ff.exe

windows7-x64

57b3e605df...ff.exe

windows10-2004-x64

8

Sharing

General

Target

57b3e605df071f933ca53b5e7ce313817a2da9eec938cb1e9d05a7615fbaa8ff
Size

1.8MB
Sample

221206-2wdclsca32
MD5

f24e0271cebcf8e9e11b6e127a3cbb25
SHA1

bf91d43bf8f809c92ba3330dda5400c9f09d57a4
SHA256

57b3e605df071f933ca53b5e7ce313817a2da9eec938cb1e9d05a7615fbaa8ff
SHA512

132ac4f1a4573c4542492af256a6cc704978365f27cc59dfa1f3cfe3c2ca6cde80273cf24df04ba5ab8c97178f0d95adf3ed39c6234d3e8d4c7607640e41dc90
SSDEEP

24576:+ZqLaF4PGweLA+tyIGA8ZpEaEVvPCdYf36OD5hy83CR0G26S+S4OUC9QqMG3O:kqLay+weLA9uLVvH/5Ed6P+lxld

Score

10^/10

bootkit discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

57b3e605df071f933ca53b5e7ce313817a2da9eec938cb1e9d05a7615fbaa8ff.exe

Resource

win7-20220812-en

bootkit discovery evasion persistence spyware stealer trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

57b3e605df071f933ca53b5e7ce313817a2da9eec938cb1e9d05a7615fbaa8ff.exe

Resource

win10v2004-20221111-en

evasion spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  57b3e605df071f933ca53b5e7ce313817a2da9eec938cb1e9d05a7615fbaa8ff
- Size
  
  1.8MB
- MD5
  
  f24e0271cebcf8e9e11b6e127a3cbb25
- SHA1
  
  bf91d43bf8f809c92ba3330dda5400c9f09d57a4
- SHA256
  
  57b3e605df071f933ca53b5e7ce313817a2da9eec938cb1e9d05a7615fbaa8ff
- SHA512
  
  132ac4f1a4573c4542492af256a6cc704978365f27cc59dfa1f3cfe3c2ca6cde80273cf24df04ba5ab8c97178f0d95adf3ed39c6234d3e8d4c7607640e41dc90
- SSDEEP
  
  24576:+ZqLaF4PGweLA+tyIGA8ZpEaEVvPCdYf36OD5hy83CR0G26S+S4OUC9QqMG3O:kqLay+weLA9uLVvH/5Ed6P+lxld
Score

10^/10

bootkit discovery evasion persistence spyware stealer trojan
- Modifies system executable filetype association
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Change Default File Association

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistencespywarestealertrojan

behavioral2

evasionspywarestealertrojan

© 2018-2025

Terms | Privacy