e13d84ed66c1b84715e91c2631527daa905593aac5831c54feb998c31f911932 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05e89df3dd9b5902bc89b9f24d2f6d45
Size

436KB
Sample

231225-fdmbxahghr
MD5

05e89df3dd9b5902bc89b9f24d2f6d45
SHA1

0ae24aa08f14911ed29f737dbe02808be7ab650b
SHA256

e13d84ed66c1b84715e91c2631527daa905593aac5831c54feb998c31f911932
SHA512

65a631a705ce5a8245d249f74148883cab8ae487adf41428d8228dc1c6a662b37216c439c9ec827784d594c95e93e1241d4c843a36845a6281992d61c58a6ff2
SSDEEP

12288:TTG2GUf8kxszOf/vRV9galubq/fLH9NLAlSaqOd38OSmvtu:Ta+8BzyJCqrdRAlSaq/F

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  05e89df3dd9b5902bc89b9f24d2f6d45
- Size
  
  436KB
- MD5
  
  05e89df3dd9b5902bc89b9f24d2f6d45
- SHA1
  
  0ae24aa08f14911ed29f737dbe02808be7ab650b
- SHA256
  
  e13d84ed66c1b84715e91c2631527daa905593aac5831c54feb998c31f911932
- SHA512
  
  65a631a705ce5a8245d249f74148883cab8ae487adf41428d8228dc1c6a662b37216c439c9ec827784d594c95e93e1241d4c843a36845a6281992d61c58a6ff2
- SSDEEP
  
  12288:TTG2GUf8kxszOf/vRV9galubq/fLH9NLAlSaqOd38OSmvtu:Ta+8BzyJCqrdRAlSaq/F
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer