0397591fa7b81d79e9071a0b37a5facd4d83ce4c6722fed1a6842cf03ec0e827 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

driver_boo...up.exe

windows7-x64

7

driver_boo...up.exe

windows10-2004-x64

8

Sharing

General

Target

driver_booster_setup.exe
Size

27.6MB
Sample

230309-y5tjeaab43
MD5

3fca4bff9ed758c69c3d50066b09a66e
SHA1

211d519fb9431abe68f567a3c9066e0ccf376fe6
SHA256

0397591fa7b81d79e9071a0b37a5facd4d83ce4c6722fed1a6842cf03ec0e827
SHA512

f7ff1bee5ccb507d1699dd822335685a3bc86ecacf4d2529641697766e9fd20a7b466db3b495be3289dc9826317a5568251d7424df7f752c4bcd54d0ade28382
SSDEEP

786432:I45GZ1mR8trLRqeGWlPr5r050V7CRV3XcgdWOq7D:hO1mR8tn+4PNrS6CRV3XcgdWOqX

Score

8^/10

discovery evasion spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

driver_booster_setup.exe

Resource

win7-20230220-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

driver_booster_setup.exe

Resource

win10v2004-20230220-en

discovery evasion spyware stealer

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  driver_booster_setup.exe
- Size
  
  27.6MB
- MD5
  
  3fca4bff9ed758c69c3d50066b09a66e
- SHA1
  
  211d519fb9431abe68f567a3c9066e0ccf376fe6
- SHA256
  
  0397591fa7b81d79e9071a0b37a5facd4d83ce4c6722fed1a6842cf03ec0e827
- SHA512
  
  f7ff1bee5ccb507d1699dd822335685a3bc86ecacf4d2529641697766e9fd20a7b466db3b495be3289dc9826317a5568251d7424df7f752c4bcd54d0ade28382
- SSDEEP
  
  786432:I45GZ1mR8trLRqeGWlPr5r050V7CRV3XcgdWOq7D:hO1mR8tn+4PNrS6CRV3XcgdWOqX
Score

8^/10

discovery evasion spyware stealer
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

discoveryevasionspywarestealer

© 2018-2025

Terms | Privacy