b845ad16d2eee134b7d419762db15818eadc1f4af93e7db66a1df6268dec1678

Sharing

Copy URL

Twitter E-mail

General

Target

2f2a0f0bb01c8a9499125e879a0efb61f3df1352109b677f99146962e2e013a9.zip.zip
Size

36.6MB
Sample

231107-rghzfagd9y
MD5

301d3e1a4bd95697e252172f2d7e2449
SHA1

ccdf4244e9402818b57c8eb3cf99cc98a68a43b3
SHA256

b845ad16d2eee134b7d419762db15818eadc1f4af93e7db66a1df6268dec1678
SHA512

838a20d55e53bd9eb03b3013aca769ab45219d08f4edc05ae453b00082cab1c27b73dd9ed3b2f4244a71d898a30dcf18f86b73071281f7590356e3fd28315289
SSDEEP

786432:YXfZk25d2mn7CLxu2m3wWqdxvtCYIOlCrNfsb4k9zn3Tj5:4fZok7Clu2oMdxlUOlsNE8IzDd

Score

7^/10

Malware Config

Targets

- Target
  
  CCIS/CCleaner/CCUpdate.exe
- Size
  
  594KB
- MD5
  
  6cd99a46f3aa6585906dd0b0b978e5d5
- SHA1
  
  c380fc6abceb56efa7bec92e93895018dce78c2b
- SHA256
  
  79ad6586cbcfde247bd97a5ab7ba95a118d009f966fa20a29d4131755fe1000f
- SHA512
  
  b429b27f4e4134ce3844706c99e6de29eaf821f72d29c16f5ebc0cdf262cf24d1791a696722812f3665e9fd2fb876a2242e4494e0b7da0340885271f0b96afc2
- SSDEEP
  
  12288:PLiXlpkmy90dDRggggMEh0+khbkyh6AsXQUNlKRbE+fTUQdUENi2KhYAOV2F7+/C:uXl+m4gggggM9b/sgUTCfTUQdUoi7hAY
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  CCIS/CCleaner/CCleaner.exe
- Size
  
  17.6MB
- MD5
  
  63c29cf31a568b2d8087d524b58f92fd
- SHA1
  
  8028b1578b25881374c5788e530a3b45449db935
- SHA256
  
  01076f684915e79d957fa2ba8aafeda761111ab3cd8cbff17cf89a69bafa81c4
- SHA512
  
  db5fbc1ea660fdddc8f3c7fdd16b3c016762d5c092a56b4ec8e3a0ff4b2bdb2751e4edf22d84b6dc1df010bdf06d3471b06a5ec2b0a75aa55080c8308b980d11
- SSDEEP
  
  196608:w0PW9ihCz6wl2QG5PC39EBERPI9qvlfgw0rqNMwlxA9ORd3Y9mj:wCW9bvl2faPT4w0rqNuG3Y9e
Score

6^/10

bootkit persistence
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  CCIS/CCleaner/CCleaner64.exe
- Size
  
  23.4MB
- MD5
  
  99123031f2cefbf6a525f69a5c22e590
- SHA1
  
  d7574c8f837bf40ba0e36d2ae1051b3bcaa0e8d6
- SHA256
  
  2f6de608047ad892098b1dc368afee0c14d85e20e38835df8c85715660983ad1
- SHA512
  
  2334bcd0b0cd501a9dbd56d352c8cdf13c2968e20902356b4792f0dfde62dc39969da03266868d79a858aae284cf8b8c88f5d8cd187721b384486e6defda3e41
- SSDEEP
  
  196608:Ub4ZkHPfPHOm13/3Ev3wZ5h82rLZaV/7corqNgmow3QlxA9ORd37:AvHOm1P3EvgZ5hzEV/AorqNHH3fG37
Score

7^/10

bootkit discovery persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  CCIS/CCleaner/Lang/lang-1025.dll
- Size
  
  101KB
- MD5
  
  1b51e7164729ec6789a8dc6ef8fdd135
- SHA1
  
  4d7f3a0822200649a81f23fffc77307559fcf926
- SHA256
  
  a1756245dcef04be66e119a565bafe6e98bd8f1b8c3bfc78def56ba0e3af4a4e
- SHA512
  
  e04e74294c12c1911b78f84a8f0ff551ff128e56ee9ebe70637e542d59343ee94ddb77f097f8284e0169ec03dc6226a0466fe0fd604ea1bda5fade656f716d07
- SSDEEP
  
  3072:IlgpwJ5WBkrG4/40zfEdgFoNpTEN/34/s2j8sX10qOlZT/I:IusXEsK
Score

1^/10
behavioral7 behavioral8
- Target
  
  CCIS/CCleaner/Lang/lang-1026.dll
- Size
  
  101KB
- MD5
  
  a9e428203a97e47ec3f5c6a955c9fb0d
- SHA1
  
  096f24a4c11bb170b1dd1d43346e83c3c2961cbd
- SHA256
  
  97ab66d3a3121024fede9807a7b551191214b70f9fd4355b8ac7e65ced66050c
- SHA512
  
  eec6e2930354fca754e7e7a748cbde08644e01a9525d43a021355f5c0fe0822a25441b081af21b9ee638cc60f3d812119d4d6c80b56ea2296853860a57a756d1
- SSDEEP
  
  1536:cXpXAnddg79vwFIroqdKg0pgLevXKrmFqYOsF7Uks:3nn2viqoNxpgLevXKrmFqYOqVs
Score

1^/10
behavioral10 behavioral9
- Target
  
  CCIS/CCleaner/Lang/lang-1027.dll
- Size
  
  107KB
- MD5
  
  de32bdede37de316728616ba3494f724
- SHA1
  
  408487023765186eadf0cf66eff7333af521ecb5
- SHA256
  
  d1cf974b88f166ca9302fe9aaea56d4e19c3c3bc19d8ebb37a271cf41774ffc1
- SHA512
  
  2687888100e6e629202e1a1678c1cc26910df1d77c8cae512bca766457c600f3845feb22a87e77a14c3e914944280bb346dca9be1b4a6902d1321aeddfc7a865
- SSDEEP
  
  1536:PGFX8eTnBgOOhpXvZGBG5g0pgLevXKrmFqYw1xG7fOI0:gnOpXvZOYxpgLevXKrmFqYpH0
Score

1^/10
behavioral11 behavioral12
- Target
  
  CCIS/CCleaner/Lang/lang-1028.dll
- Size
  
  56KB
- MD5
  
  0735be0846d6bc8f45c6033ccd1a90f8
- SHA1
  
  c5bd80de90a7242b21bd13abf266d82d76b88294
- SHA256
  
  a83db52892413caa08a0ce8c59f1426af0dcb0f199161a777a160c80553253ac
- SHA512
  
  827ceb7ef170135291395a40c0e83092abad66d8fb8f27bb046cda68c6b58a260b3b8e471ea38c9ff57a90e7674b01381a046fa7a909c6d55bb31d9a20be66fa
- SSDEEP
  
  768:lpj/6YS4VBmsWFEIEwMS5SXmlTqJrljuXYC1k/zmgDGgaKgQDDGg/CEhH:HjLSCOMBhK5Kp
Score

1^/10
behavioral13 behavioral14
- Target
  
  CCIS/CCleaner/Lang/lang-1029.dll
- Size
  
  104KB
- MD5
  
  55fab145604243f7ccc5fbd8d54567b2
- SHA1
  
  40b6decf4f9a05fbe41e54da649131052e23bc32
- SHA256
  
  a36003f84a94aed9e41e49ef1410881650db6e04984286deca12ee1fc5c18eaf
- SHA512
  
  561a76f1fde444a4dc3a2ad84422eeed41ad248a4ee1064d5ab3ae50a7d044981b14d41d7c917f39706f5bf758ad5f734d2f1a47d290c31d389bfd58d900a029
- SSDEEP
  
  1536:mjFHpoy4k5MeV2Y9MiLQjIXYjQUB1yhBENxPwKKyVOPe:mZJvBLQcq1y6xDJ
Score

1^/10
behavioral15 behavioral16
- Target
  
  CCIS/CCleaner/Lang/lang-1030.dll
- Size
  
  103KB
- MD5
  
  1d71d7dc345488424a8434aab046fa64
- SHA1
  
  6493686420bf32bfc9924b78c922d8e5e0a3d7fe
- SHA256
  
  64871ac797870a1181496501a284f679ed7d548103ab24835e65eda0d257919d
- SHA512
  
  eab50dcb7d881bbaa2c2b569a72a0917be011b903eed36e8416ec6d87e4593be3d42a242325bad094e94018a35c80482acf1321fab2398a31b6cfc2e7642549b
- SSDEEP
  
  3072:M2Mrjd6ojYlPH02RaaCzuo8JqMqoQw9bP:MMojhir
Score

1^/10
behavioral17 behavioral18
- Target
  
  CCIS/CCleaner/Lang/lang-1031.dll
- Size
  
  110KB
- MD5
  
  6b0107b3bf44f67f770ef3bce11830ac
- SHA1
  
  d372698b89d8ab07bfe73ba1cd00d17f6cbe5acd
- SHA256
  
  c3f49ef3dd3283daa30cd219845f8e839334df563d17e5cefb925d8b54760412
- SHA512
  
  5106579965517ff4ff2464567de407b905e605d4f6f40c7e47fffb90b70039bc7215b7cc243ba0ea0b97e3052235dd7989f674c69f2593c9b3469e1e81535940
- SSDEEP
  
  3072:ctJlKPh8ycnP1CLCZhKr5UWfHgFbFF9hx9AlfbamVXui4IrOpg8XFLZkwXOL6pIt:cnyZ
Score

1^/10
behavioral19 behavioral20
- Target
  
  CCIS/CCleaner/Lang/lang-1032.dll
- Size
  
  119KB
- MD5
  
  b7a1169b1b701623604ad5d4c19e29f0
- SHA1
  
  2c05787aa433b1da75205112bf7ac734efa13c48
- SHA256
  
  d1a3da3cb37cc3ef7549d4cf650f0130eaa97dc88c6f0af8c107dedeef41b329
- SHA512
  
  2a38e4aee585d0d8c5ff4d4ddc06862764169a7e49aada4b824f4a4ffec383c9eaed562e561442cf25c8ca15e23651d9d0be6cd61a4148b6302d6fef4307fa1e
- SSDEEP
  
  1536:69tiyRtM0Nj6M2QCPnmmGTzVOCPb+ITzGjFo5bGjg:6qyRtM0Nj6oCPRGTZOKSITzGjFo5bGk
Score

1^/10
behavioral21 behavioral22
- Target
  
  CCIS/CCleaner/Lang/lang-1034.dll
- Size
  
  116KB
- MD5
  
  57291c1f36664c17b3ecbe021ae24569
- SHA1
  
  f334828adf99a5c0e36704c22ed26c23314f330c
- SHA256
  
  21d0d6734e18f11c1d2a564689271e81001f34d6e56cd502a2601564c46722c6
- SHA512
  
  73c7ab6260050894d11e454041412f7d2b5df3a1012d8daf9e849b5e39e5a347fdcdf001937439246526b10058875c4d6b864eaf4b60f302fa54ed1c69d4c341
- SSDEEP
  
  1536:1j2TgmMO/NHn37ALZcHP9ufEZ7w7c7n+V0x+:1mgmxHLUZcHPcUw7c7n+d
Score

1^/10
behavioral23 behavioral24
- Target
  
  CCIS/CCleaner/Lang/lang-1035.dll
- Size
  
  110KB
- MD5
  
  065391dae953c89c172ad1c8968cd13f
- SHA1
  
  5b559890035f8c92431fb176e5991338c25405a9
- SHA256
  
  bc4e129996399064f73e5a0b67b50699ae312fc18f44e4f3740d49013187b31f
- SHA512
  
  b5443c2a4597ee36356b4061db7cf1389e4afd097eded5374680608dac93d538d84bee53bdf7bdcb8ab6fa773605d20efde33956a88ac85d01618596ac49753d
- SSDEEP
  
  1536:9jk0muysMZ9TUbBJL1ETapNwuWh8g0+hW6vbHyZQzjkG:9EuLu9TUbBJL1EgwuWh8L+hW6vbHaQz1
Score

1^/10
behavioral25 behavioral26
- Target
  
  CCIS/CCleaner/Lang/lang-1036.dll
- Size
  
  119KB
- MD5
  
  f58db10178d023ec1d26e11fb5d3efb0
- SHA1
  
  fb33c84b9326ea1bca7eab1817620e14db19ad75
- SHA256
  
  a9e8e62b7fe40fc065f84950f6028b3de56133f7c24b4f0b65220f807897eb87
- SHA512
  
  666c16f6afb8d09d6250c1538ec865c4e79cba0c023101adb0075555c33d8a42cdf11af70b8582181b4ebeb30c6efcd2ecbbf1f262674e0ba9bf2b84e3c2699c
- SSDEEP
  
  1536:bJjaFPGQAg18H1CRMhDIFESOnEg94wPka:bJOFPGQd8H4RMFIF9OEg94wD
Score

1^/10
behavioral27 behavioral28
- Target
  
  CCIS/CCleaner/Lang/lang-1037.dll
- Size
  
  86KB
- MD5
  
  cce1fb85a574f56ab2b8e5082bfe00ad
- SHA1
  
  7d7897bb749c16f558e2d798e3ea0292a81f1a56
- SHA256
  
  f89b77013050f994c788bfbae45791c2962f190e63bb008baedba427b50f0a38
- SHA512
  
  09eb44916ab4b4a2fbeea7081eb2d91a26fd66ff895038f086b132c397578d20fc8696fc04bc1d9616ccffe739b83b06560ef5c47b776145b5ea1b398d459817
- SSDEEP
  
  1536:O/oA7fVoqQDGLu77XAqmy23hNyux8Dzfsv:14QDGLu77N23hNf8DQ
Score

1^/10
behavioral29 behavioral30
- Target
  
  CCIS/CCleaner/Lang/lang-1038.dll
- Size
  
  113KB
- MD5
  
  b97f634af7070fe70af3a884743df213
- SHA1
  
  cc0d64d5149ef61fa231bbbb3beaf098451b2ab9
- SHA256
  
  f2eaa8a52561608ddf7ba380c200df3f5ba504a1f760433e1e950fa579da48a5
- SHA512
  
  be233e5e08ad7aac7639f981d2280416669f2e85789133957868a1a8c8b582e28de8a0d35759e953c9a1e81c15fd738a29845a6d10dcca174dc7625d92e4f90a
- SSDEEP
  
  3072:I2yAigl+69PvekK5qMfEJfYIaHpf87uVQzrDJs9ihmISwlQwxnKEdr4FMJgMEowO:IqNp9r
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Writes to the Master Boot Record (MBR)

Checks for any installed AV software in registry

Writes to the Master Boot Record (MBR)

Reads user/profile data of web browsers

Checks for any installed AV software in registry

Writes to the Master Boot Record (MBR)

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32