47bc15b221a193ce995f1cee01ec44948d28480cbca32a9e66bd3bbf9dc79e5d | Triage

Submit
Reports

Overview

overview

8

Static

static

8

bol_setup.exe

windows10-2004-x64

8

out.exe

windows10-2004-x64

Resubmissions

30-12-2022 00:20

221230-am6t1see59 8

29-12-2022 23:59

221229-31shrsee28 8

29-12-2022 21:37

221229-1gmgashe3w 8

29-12-2022 18:49

221229-xgm62sha6w 8

Sharing

General

Target

bol_setup.exe
Size

1.3MB
Sample

221229-1gmgashe3w
MD5

8303cfa6502fd0c42eff4133bc1938e4
SHA1

6cdbd45bb72b1524113bba8e613b21682b4af497
SHA256

47bc15b221a193ce995f1cee01ec44948d28480cbca32a9e66bd3bbf9dc79e5d
SHA512

a4c58e5e50a4ba5427267e54cd3a30df9c0d20db71c8b194e0d96827c27d0e7910e0bafefb231d9bf760910507a67812faa79ad4a359846bf8da8ab37e58bf2e
SSDEEP

24576:2CQjv/3EH3aLXerTO6uP7UJc9GA5bYUkDXZIxfqdPxw0pZHgbfeOqP:5aB6iJlxkzCJqdPxJwf+

Score

8^/10

adware bootkit discovery persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bol_setup.exe

Resource

win10v2004-20220812-en

adware bootkit discovery persistence stealer upx

windows10-2004-x64

27 signatures

1800 seconds

Behavioral task

behavioral2

Sample

out.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

1800 seconds

Malware Config

Targets

- Target
  
  bol_setup.exe
- Size
  
  1.3MB
- MD5
  
  8303cfa6502fd0c42eff4133bc1938e4
- SHA1
  
  6cdbd45bb72b1524113bba8e613b21682b4af497
- SHA256
  
  47bc15b221a193ce995f1cee01ec44948d28480cbca32a9e66bd3bbf9dc79e5d
- SHA512
  
  a4c58e5e50a4ba5427267e54cd3a30df9c0d20db71c8b194e0d96827c27d0e7910e0bafefb231d9bf760910507a67812faa79ad4a359846bf8da8ab37e58bf2e
- SSDEEP
  
  24576:2CQjv/3EH3aLXerTO6uP7UJc9GA5bYUkDXZIxfqdPxw0pZHgbfeOqP:5aB6iJlxkzCJqdPxJwf+
Score

8^/10

adware bootkit discovery persistence stealer upx
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1
- Target
  
  out.upx
- Size
  
  2.4MB
- MD5
  
  2c4f54a5987bb6e642ba773d30f83b83
- SHA1
  
  27a7ee74b654b31436f3fd5230517050590717a7
- SHA256
  
  445d620fa5d00b1bfe07cc8e5da244be37f2d5e4ee6f065c9d66eb7d9b76264d
- SHA512
  
  61280df27983aae9ff29655b83e266e2b5b429e16d30ef1f6a3ddfd17370b39d7a4748a4c39e69dcb7c96ab14fb8ee2fb4d0c579db618ef46d2d39b8c4feb1e6
- SSDEEP
  
  49152:/QUt6jCO1aKqLnpTrm+GkZG3R60gTHmSPDA/TuR:/QUtN3jpTr1ZGB60kmoAa
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitdiscoverypersistencestealerupx

behavioral2

© 2018-2024

Terms | Privacy