bc27ecf6160b203ee5eb9a1653ee7d93e77f3d0376d5fa0a73065878e137fea8 | Triage

Sharing

General

Target

8cbe39234148db65878a77bbf444a5ed
Size

473KB
Sample

240203-tewtmafdcm
MD5

8cbe39234148db65878a77bbf444a5ed
SHA1

7eaba0c3ab1650d67520641ac91c2343c7a8f584
SHA256

bc27ecf6160b203ee5eb9a1653ee7d93e77f3d0376d5fa0a73065878e137fea8
SHA512

01597c5985da84a9cf99939aaf33450201e9215eb529ab044d416253411545498be24e9406e8f64216c0e82252a07fb599e0a74339f72639871f42e066c53955
SSDEEP

12288:/hQB7l/u/mxestHth8dLkBFWalKHWdm2jyy8pSRmJSCC:pWMuE8tiZkb9kHgmby+vSCC

Score

7^/10

bootkit persistence spyware stealer

Malware Config

Targets

- Target
  
  FireTune.exe
- Size
  
  321KB
- MD5
  
  f19e658abf1216870d3a110a86f4c380
- SHA1
  
  d7416e652bbfbd014a39bccd869e6f717aac2700
- SHA256
  
  f5bd5d44dd577b9f398d4eb704af00f233d6205a77634b53769cfb7d2039a304
- SHA512
  
  8ac24eecd81b762b3879a8003742bb06f3059af97098191e735195545724b49ad68a92057b8a934a9d03eb1b2c2f3dd97e6caab267fffb814affa3327e2bdc95
- SSDEEP
  
  6144:NNx8zxDsUofnmDaO59Q3kQ4JTaARxRTFYVksQZ2FAwE8FJcan+rQtghEvx:NN2zF72nIlQUQMasvT6ksQ8bE8FJcaGI
Score

7^/10

bootkit persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  firetune-de.chm
- Size
  
  43KB
- MD5
  
  60791e8b530f9e9792920fbf9ccae085
- SHA1
  
  1b5581a70f4e0944c1e22167c593f0eeb6809a52
- SHA256
  
  c4fff8cd59f2a8c8cf1e9cf050391880327f8c640c3e038762db7b7f3eddb76f
- SHA512
  
  134c1b005423ecd15f28d8a75bd7e3b73b217f1d6b095cc98cd95d4655cc70c6da705201a3d73ff224936f6f8c17e5e8f5d39f6057e32de3fcbe9e87d27f6777
- SSDEEP
  
  768:ujtN3p0dczSdc8o6AncZPQmetYMaGXlrAMh0VP7KhMH0+rzeY:ujtdp0O+cKZtetYwdh0VTWMRz5
Score

1^/10
behavioral3 behavioral4
- Target
  
  firetune-es.chm
- Size
  
  42KB
- MD5
  
  18807774b820473d5a921d869a0f658f
- SHA1
  
  d8013bd422940661a9bcc521effab9c23b37d643
- SHA256
  
  3f4b4d39a20e2f6bccb55351def66fd80f37bdb4b854d7b871b22d6ed3f8fa6d
- SHA512
  
  6c6568fa1bf303442fa33b066a6410e5de9adfec00467cba9ed3879c5a290180949e353d62c3ec81e64887880965e7e7087160cf0c11da4795dbb5711a29b4a0
- SSDEEP
  
  768:a+dShsdDqhPsB/NH1Sbn0C/KOmidlET2YkGF2HCICirTFm:a+dSad+hkBw0DOmv2HCICuc
Score

1^/10
behavioral5 behavioral6
- Target
  
  firetune.chm
- Size
  
  40KB
- MD5
  
  ca750c80027aaede5d5c2a2b52c53269
- SHA1
  
  0e18e177c5ff0a1e3f0d92a906788ac31c876707
- SHA256
  
  2f6d9f4e995e49db58c68209fc33810e753f21e293b657d8429d693495d8f42f
- SHA512
  
  04a296d7460e3b16cbaee96d0e00ee0dbabb243e553238000479b2e0d3fcaf80d9c51c3ff36af78e13219245711dd695983cf1cbcd99682c7f8c1b105a27224a
- SSDEEP
  
  768:dcSfdxKC31aJBKeuo95H8xgolcEZvHZf7FwKOZ/LMwPBVBJMEiTLOOWcS25:dc2dL38q295cxg0jwZ/BPBV7iTyhcr
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistencespywarestealer

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8