General

  • Target

    Boost.exe

  • Size

    35.5MB

  • Sample

    231022-awm39scg2x

  • MD5

    65a3f616b2c8af2fd3e6a581972910e5

  • SHA1

    e21bf9f58dc971fe26a628d9e49af4a8078cc77c

  • SHA256

    7d6e91c02ffeb0bedcb012dbb072141cbb88da229a0cd16c705b5d6dbeeab4dd

  • SHA512

    e09d51919a7d60fcaedb4bbc68e469e9d2358e31e80614c66d0f3760b2f780f6f14ee209b38cb6487b3a37c5c59412ffe0b6292321ceac6ffd8b6e3924155951

  • SSDEEP

    786432:iGO9QPRf7M5lPErUa1dyOe4UA1snjyDq2tVz0okC9/JqrYEap9WWKUIP:iGO9QPRf7+Ex1QOI2w+9p3p9WWKU

Score
7/10

Malware Config

Targets

    • Target

      Boost.exe

    • Size

      35.5MB

    • MD5

      65a3f616b2c8af2fd3e6a581972910e5

    • SHA1

      e21bf9f58dc971fe26a628d9e49af4a8078cc77c

    • SHA256

      7d6e91c02ffeb0bedcb012dbb072141cbb88da229a0cd16c705b5d6dbeeab4dd

    • SHA512

      e09d51919a7d60fcaedb4bbc68e469e9d2358e31e80614c66d0f3760b2f780f6f14ee209b38cb6487b3a37c5c59412ffe0b6292321ceac6ffd8b6e3924155951

    • SSDEEP

      786432:iGO9QPRf7M5lPErUa1dyOe4UA1snjyDq2tVz0okC9/JqrYEap9WWKUIP:iGO9QPRf7+Ex1QOI2w+9p3p9WWKU

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks