40df120944411111cff226bbc8850800756fe6b99ab9bdda2c3234bae44fcef3 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

SecurityTa...up.exe

windows7-x64

7

SecurityTa...up.exe

windows10-2004-x64

7

Sharing

General

Target

SecurityTaskManager_Setup.exe
Size

2.9MB
Sample

230406-j7q4qseb2z
MD5

6dac98c7e865cc42e303df3504b0f6a6
SHA1

befd8ef8a73ca588fee6f2e19485bf1502b58734
SHA256

40df120944411111cff226bbc8850800756fe6b99ab9bdda2c3234bae44fcef3
SHA512

172493b2e5397eee622975e20a3758bd3e0f3e466adcb1a3bd3844e1e5645050371f9a593cf1b56293fce8fb2309621f4950379149a5c77dc4850530a4f79652
SSDEEP

49152:Pd+HtGXcROvfipetV2pSDwRgrFYv7WS4oW+ehUpkKmltavtaKhGiD79jkL0O:Pd+pROvapetV2UIMgSoX/xscg6939jkl

Score

7^/10

bootkit discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecurityTaskManager_Setup.exe

Resource

win7-20230220-en

bootkit discovery evasion persistence spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecurityTaskManager_Setup.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecurityTaskManager_Setup.exe
- Size
  
  2.9MB
- MD5
  
  6dac98c7e865cc42e303df3504b0f6a6
- SHA1
  
  befd8ef8a73ca588fee6f2e19485bf1502b58734
- SHA256
  
  40df120944411111cff226bbc8850800756fe6b99ab9bdda2c3234bae44fcef3
- SHA512
  
  172493b2e5397eee622975e20a3758bd3e0f3e466adcb1a3bd3844e1e5645050371f9a593cf1b56293fce8fb2309621f4950379149a5c77dc4850530a4f79652
- SSDEEP
  
  49152:Pd+HtGXcROvfipetV2pSDwRgrFYv7WS4oW+ehUpkKmltavtaKhGiD79jkL0O:Pd+pROvapetV2UIMgSoX/xscg6939jkl
Score

7^/10

bootkit discovery evasion persistence spyware stealer trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy