db2bc4d3a566e7e0b90c71f6d607ce32ad7781c39caa3e754e68345bc6ca7f8d | Triage

Submit
Reports

Overview

overview

8

Static

static

1

driver_boo...up.exe

windows7-x64

8

driver_boo...up.exe

windows10-2004-x64

8

Sharing

General

Target

driver_booster_setup.exe
Size

24.5MB
Sample

230609-t8besacf69
MD5

aec6ba15c854c44db853bf88ab234acd
SHA1

68c76c0d21fb10e11626bd39b898e082c578c073
SHA256

db2bc4d3a566e7e0b90c71f6d607ce32ad7781c39caa3e754e68345bc6ca7f8d
SHA512

1994ae531f49e13e77d90516318aec8799619ff16433a8087162161bc59e09e24ec815ea693a1027e7d47450bae75e394ec35f8573eb34284d1c8a9e62eefdc5
SSDEEP

786432:GRp7y/SQqAzSqx0pjrE4Acbs7IWFPZJ4Brb/8w:ABy/xn07luIWAP

Score

8^/10

discovery evasion persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

driver_booster_setup.exe

Resource

win7-20230220-en

discovery evasion

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

driver_booster_setup.exe

Resource

win10v2004-20230220-en

discovery evasion persistence spyware stealer

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  driver_booster_setup.exe
- Size
  
  24.5MB
- MD5
  
  aec6ba15c854c44db853bf88ab234acd
- SHA1
  
  68c76c0d21fb10e11626bd39b898e082c578c073
- SHA256
  
  db2bc4d3a566e7e0b90c71f6d607ce32ad7781c39caa3e754e68345bc6ca7f8d
- SHA512
  
  1994ae531f49e13e77d90516318aec8799619ff16433a8087162161bc59e09e24ec815ea693a1027e7d47450bae75e394ec35f8573eb34284d1c8a9e62eefdc5
- SSDEEP
  
  786432:GRp7y/SQqAzSqx0pjrE4Acbs7IWFPZJ4Brb/8w:ABy/xn07luIWAP
Score

8^/10

discovery evasion persistence spyware stealer
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

New Service

Modify Existing Service

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Security Software Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasionpersistencespywarestealer

© 2018-2024

Terms | Privacy