cd7a63b7832ec167c20e80bfa0e5868b76a783fe0ccfd94f9a0c451aa6071848 | Triage

Sharing

General

Target

7e5bdca7a9de1721844c83a9736f4247
Size

532KB
Sample

240129-ad88safbcp
MD5

7e5bdca7a9de1721844c83a9736f4247
SHA1

46275c285cb45b0c86027e70f46efd5bee8de520
SHA256

cd7a63b7832ec167c20e80bfa0e5868b76a783fe0ccfd94f9a0c451aa6071848
SHA512

d94dba5101b7b1bdf70fcd1d22acb7322a035bcc82696f591f58d95784062e7c4c655674b2c1efdf64e072c339239384a876ca7e94764f1322c057d66dbc9751
SSDEEP

12288:hDu9km32xPExY8th3idkuAgul3a9xvqBFHkadO4ceNw3c6RHRkfWdDH:tRm3YP+tRSnAgu89wmadO4ceJ0R5L

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  7e5bdca7a9de1721844c83a9736f4247
- Size
  
  532KB
- MD5
  
  7e5bdca7a9de1721844c83a9736f4247
- SHA1
  
  46275c285cb45b0c86027e70f46efd5bee8de520
- SHA256
  
  cd7a63b7832ec167c20e80bfa0e5868b76a783fe0ccfd94f9a0c451aa6071848
- SHA512
  
  d94dba5101b7b1bdf70fcd1d22acb7322a035bcc82696f591f58d95784062e7c4c655674b2c1efdf64e072c339239384a876ca7e94764f1322c057d66dbc9751
- SSDEEP
  
  12288:hDu9km32xPExY8th3idkuAgul3a9xvqBFHkadO4ceNw3c6RHRkfWdDH:tRm3YP+tRSnAgu89wmadO4ceJ0R5L
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer