ae1d2fc3c4a341973ebb044ca97551bfc03795b06a8fad6422306ab068d0b260 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

StreamHelp...up.exe

windows7-x64

8

StreamHelp...up.exe

windows10-2004-x64

7

Sharing

General

Target

StreamHelpersSetup.exe
Size

5.1MB
Sample

230401-an8p1aef95
MD5

204d43f3f04ab08863730428aef33a0e
SHA1

9a13f8f7b230be2ab7eeb2b21240041e5209495f
SHA256

ae1d2fc3c4a341973ebb044ca97551bfc03795b06a8fad6422306ab068d0b260
SHA512

7555201978828c71006decbf09dad8ff4535fe572438fdc41ed0a990073bccca43525da1a6c639fb6a7313642dcde608a3440b7de68b158336da1aaf5b21a7d1
SSDEEP

98304:VABCUgjLwvDqtrJwnN5xdnbzXzt4AM0faL6qutk1RsmVmjcJoO9VePFuLmho:iBx6qN5bnty0yLYtUyXcCO9VePamm

Score

8^/10

bootkit evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

StreamHelpersSetup.exe

Resource

win7-20230220-en

bootkit evasion persistence ransomware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

StreamHelpersSetup.exe

Resource

win10v2004-20230221-en

bootkit persistence ransomware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  StreamHelpersSetup.exe
- Size
  
  5.1MB
- MD5
  
  204d43f3f04ab08863730428aef33a0e
- SHA1
  
  9a13f8f7b230be2ab7eeb2b21240041e5209495f
- SHA256
  
  ae1d2fc3c4a341973ebb044ca97551bfc03795b06a8fad6422306ab068d0b260
- SHA512
  
  7555201978828c71006decbf09dad8ff4535fe572438fdc41ed0a990073bccca43525da1a6c639fb6a7313642dcde608a3440b7de68b158336da1aaf5b21a7d1
- SSDEEP
  
  98304:VABCUgjLwvDqtrJwnN5xdnbzXzt4AM0faL6qutk1RsmVmjcJoO9VePFuLmho:iBx6qN5bnty0yLYtUyXcCO9VePamm
Score

8^/10

bootkit evasion persistence ransomware
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

bootkitevasionpersistenceransomware

behavioral2

bootkitpersistenceransomware

© 2018-2024

Terms | Privacy