e6a5142ea1fb4111a558838ca17dcfe8bba67c07b8c4a5c3bdf8ee047993c9eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0018a09f3ca47e8d5a241974945e60c2
Size

484KB
Sample

231225-cz8kgsccb2
MD5

0018a09f3ca47e8d5a241974945e60c2
SHA1

b3012cb09d940ecba74e645b7391e2db3cf867ac
SHA256

e6a5142ea1fb4111a558838ca17dcfe8bba67c07b8c4a5c3bdf8ee047993c9eb
SHA512

5021efd463b7aa54138144690b74700ab61a46753eb84bfdda60c6a8ee522073052ca6d42864e8c4737700cca5ec8fbd21ff192cde28dec43b612d4e2ed219d6
SSDEEP

12288:2BY3ifCIZ56z849tJXeAYyajEex3h5/MXZ/wfx:2BY3yCIf6A49Tu91YG/c5wfx

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  0018a09f3ca47e8d5a241974945e60c2
- Size
  
  484KB
- MD5
  
  0018a09f3ca47e8d5a241974945e60c2
- SHA1
  
  b3012cb09d940ecba74e645b7391e2db3cf867ac
- SHA256
  
  e6a5142ea1fb4111a558838ca17dcfe8bba67c07b8c4a5c3bdf8ee047993c9eb
- SHA512
  
  5021efd463b7aa54138144690b74700ab61a46753eb84bfdda60c6a8ee522073052ca6d42864e8c4737700cca5ec8fbd21ff192cde28dec43b612d4e2ed219d6
- SSDEEP
  
  12288:2BY3ifCIZ56z849tJXeAYyajEex3h5/MXZ/wfx:2BY3yCIf6A49Tu91YG/c5wfx
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer