General

  • Target

    1773565cd9cfff6c1e570c1cd8996dca

  • Size

    459KB

  • Sample

    231230-nw6r9safak

  • MD5

    1773565cd9cfff6c1e570c1cd8996dca

  • SHA1

    45f2df63ac7b82d2b2ae87a4ce03324b32c39f81

  • SHA256

    38dcaf30cc9d82ee6b919db70bc954dbee92bc9b370f5ead158339932ba9b027

  • SHA512

    f3ba89bd6ecac710606df46317281a87010414cb7360b55d409d38cf655a068109163f78c992d964f188d4f5346f9e649bc84a5239703dfe07ab48b368646fa0

  • SSDEEP

    6144:1G3FnRQ3CTZyokIeWIo2i1oUSvEGkJXc5ILB2+PWzFLKlXlBk1RPd/WhubkirBt2:016ucvECUBv+hZzcd7aEARLWF

Targets

    • Adds policy Run key to start application

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
