86359da3f3cb347f1979479396ea7d8096f9f52ef9e25fe8b7084a54fd7d16f0 | Triage

Submit
Reports

Overview

overview

Static

static

1

icons8-cursor-24.png

windows7-x64

3

icons8-cursor-24.png

windows10-2004-x64

Resubmissions

02-06-2023 20:11

230602-yykmxseg2y 6

02-06-2023 19:29

230602-x685taee3s 10

Sharing

General

Target

icons8-cursor-24.png
Size

329B
Sample

230602-x685taee3s
MD5

ccc8ab39f8102baa9a0f9fc80e7db73f
SHA1

193aac7cc3f16fa2e9a02f271a8f0562336a24ae
SHA256

86359da3f3cb347f1979479396ea7d8096f9f52ef9e25fe8b7084a54fd7d16f0
SHA512

7388ff7724a79b4b53d0a70f0904e5ad439533556a9960597de697bd10742b672398facff776547787aa6bd423da95fe6a3737adc035e7f841fba292f95128d5

Score

10^/10

adware bootkit evasion persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

icons8-cursor-24.png

Resource

win7-20230220-en

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral2

Sample

icons8-cursor-24.png

Resource

win10v2004-20230220-en

adware bootkit evasion persistence stealer

windows10-2004-x64

32 signatures

1800 seconds

Malware Config

Targets

- Target
  
  icons8-cursor-24.png
- Size
  
  329B
- MD5
  
  ccc8ab39f8102baa9a0f9fc80e7db73f
- SHA1
  
  193aac7cc3f16fa2e9a02f271a8f0562336a24ae
- SHA256
  
  86359da3f3cb347f1979479396ea7d8096f9f52ef9e25fe8b7084a54fd7d16f0
- SHA512
  
  7388ff7724a79b4b53d0a70f0904e5ad439533556a9960597de697bd10742b672398facff776547787aa6bd423da95fe6a3737adc035e7f841fba292f95128d5
Score

10^/10

adware bootkit evasion persistence stealer
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Registers new Print Monitor
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Browser Extensions

Change Default File Association

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarebootkitevasionpersistencestealer

© 2018-2025

Terms | Privacy