a398fff09ee7b0aa3a77540e7efd3da0a9792b34fbc8820377cdb9c04dc6eb25 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

CCleaner_v...26.exe

windows7-x64

7

CCleaner_v...26.exe

windows10-2004-x64

7

Resubmissions

29-03-2023 03:03

230329-dj9chsee46 7

Sharing

General

Target

CCleaner_v5.84.9126.exe
Size

24.3MB
Sample

230329-dj9chsee46
MD5

f5f6a78587b0daf42518a5dbf6ef028b
SHA1

5fd7e0493a6ee0dd60ae2d78a0c3c2ed918f6347
SHA256

a398fff09ee7b0aa3a77540e7efd3da0a9792b34fbc8820377cdb9c04dc6eb25
SHA512

724725bb1b2960ae648155af4463a83c4a18672fcc4d93143498000f5330374007b6e233942f626ab5d45e614d3d782aa2fca68789a290e8a60df9ee01e05afd
SSDEEP

786432:RN1dAWoyVU9uom48R5xTgWfWof+pph3Aw2I3D:RN1WAVvtVRAymnxAw2I3D

Score

7^/10

bootkit discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

CCleaner_v5.84.9126.exe

Resource

win7-20230220-en

bootkit discovery persistence spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

CCleaner_v5.84.9126.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence spyware stealer

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  CCleaner_v5.84.9126.exe
- Size
  
  24.3MB
- MD5
  
  f5f6a78587b0daf42518a5dbf6ef028b
- SHA1
  
  5fd7e0493a6ee0dd60ae2d78a0c3c2ed918f6347
- SHA256
  
  a398fff09ee7b0aa3a77540e7efd3da0a9792b34fbc8820377cdb9c04dc6eb25
- SHA512
  
  724725bb1b2960ae648155af4463a83c4a18672fcc4d93143498000f5330374007b6e233942f626ab5d45e614d3d782aa2fca68789a290e8a60df9ee01e05afd
- SSDEEP
  
  786432:RN1dAWoyVU9uom48R5xTgWfWof+pph3Aw2I3D:RN1WAVvtVRAymnxAw2I3D
Score

7^/10

bootkit discovery persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencespywarestealer

behavioral2

bootkitdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy