General

  • Target

    driver_booster_setup.exe

  • Size

    28.4MB

  • Sample

    240509-ct5lmsdc8z

  • MD5

    19af89225259bf9ee269a74bbe85e6c2

  • SHA1

    f9455e4e7f68de76304567ee41d8dc4f1126a1f3

  • SHA256

    754eb8ab055095715c03f76840a42588e375b8f7b72d2c8bb7580456b26524b4

  • SHA512

    381424332a501c805661501a1e7f5e257be48cbe9a99d1a06bda5a73c7486b171983a03396248f2913104829c1b8abb28cd1dbb654163d7527dbcdded4f4596f

  • SSDEEP

    786432:ek67n39eN9LkC75Suthgp2tF+IUT8mCN0tqMYsiFJn4FV:g39eF7YurgQ/MJzFV

Targets

    • Target

      driver_booster_setup.exe

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Drops file in Drivers directory

    • Stops running service(s)

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file packed or protected with ACProtect (versions 1.3x to 1.4x), a commercial protector often used to hinder static analysis.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and session cookies.

    • Checks whether UAC is enabled

    • Downloads MZ/PE file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Drops file in System32 directory
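
The behavioural signatures above (from "Drops file in Drivers directory" down to "Drops file in System32 directory") can be expressed as triage rules over a sandbox API trace. What follows is an added example, not code from tria.ge or from the sandbox that produced this report: it defines one predicate per signature and runs them over a constructed trace in a simplified event format. The event schema, the list of IP-echo hosts, the browser store filenames and the HKCU\Control Panel\International\Geo\Nation key used for the location check are assumptions; EnableLUA under HKLM\...\Policies\System is the real UAC policy value. The two static classifications (PrivateLoader, ACProtect) are out of scope here because they need the binary, not the trace.

```python
"""Behavioural triage rules modelled on the signatures in this report.
Added example; the trace format and several indicators are assumptions."""
import re
from pathlib import PureWindowsPath

SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")
DRIVERS = SYSTEM32 / "drivers"
# Assumed: a few well-known public IP echo services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "ifconfig.me", "ip-api.com"}
# Assumed: credential/cookie store filenames for Chromium and Firefox.
BROWSER_DATA = re.compile(
    r"(Login Data|Cookies|Web Data|logins\.json|cookies\.sqlite|key4\.db)$", re.I)
SERVICE_STOP = re.compile(r"^(?:sc(?:\.exe)?|net(?:\.exe)?)\s+stop\b", re.I)


def _parent(path: str) -> PureWindowsPath:
    # PureWindowsPath equality is case-insensitive, which suits NTFS paths.
    return PureWindowsPath(path).parent


def _key_ends(e: dict, suffix: str, value: str) -> bool:
    return (e["kind"] == "regread"
            and e["key"].lower().endswith(suffix.lower())
            and e["value"].lower() == value.lower())


# Signature name from the report -> predicate over a single trace event.
RULES = {
    "Drops file in Drivers directory":
        lambda e: e["kind"] == "file_write" and _parent(e["path"]) == DRIVERS,
    "Drops file in System32 directory":
        lambda e: e["kind"] == "file_write" and _parent(e["path"]) == SYSTEM32,
    "Stops running service(s)":
        lambda e: e["kind"] == "process"
        and bool(SERVICE_STOP.match(e.get("cmdline", ""))),
    # EnableLUA is the UAC master switch; reading it before elevation is common.
    "Checks whether UAC is enabled":
        lambda e: _key_ends(e, r"\Policies\System", "EnableLUA"),
    # Assumed key: HKCU\Control Panel\International\Geo\Nation (country code).
    "Checks computer location settings":
        lambda e: _key_ends(e, r"\International\Geo", "Nation"),
    "Looks up external IP address via web service":
        lambda e: e["kind"] in ("dns", "http")
        and e["host"].lower() in IP_LOOKUP_HOSTS,
    # A downloaded body starting with the "MZ" DOS stub is a PE payload.
    "Downloads MZ/PE file":
        lambda e: e["kind"] == "http" and e.get("body_head", b"")[:2] == b"MZ",
    "Reads user/profile data of web browsers":
        lambda e: e["kind"] == "file_read" and bool(BROWSER_DATA.search(e["path"])),
}


def triage(trace):
    """Return {signature_name: [event indices]} for every rule that fired."""
    hits = {}
    for i, event in enumerate(trace):
        for name, rule in RULES.items():
            if rule(event):
                hits.setdefault(name, []).append(i)
    return hits


# Constructed trace (not the sandbox output for this sample), written to
# exercise every behavioural rule once.
SAMPLE_TRACE = [
    {"kind": "process", "pid": 1000,
     "image": r"C:\Users\u\Desktop\driver_booster_setup.exe"},
    {"kind": "regread", "pid": 1000, "value": "EnableLUA",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"},
    {"kind": "regread", "pid": 1000, "value": "Nation",
     "key": r"HKCU\Control Panel\International\Geo"},
    {"kind": "dns", "pid": 1000, "host": "api.ipify.org"},
    {"kind": "http", "pid": 1000, "host": "203.0.113.10",
     "url": "http://203.0.113.10/dl/stage2.bin", "body_head": b"MZ\x90\x00"},
    {"kind": "file_write", "pid": 1000,
     "path": r"C:\Windows\System32\drivers\xyz.sys"},
    {"kind": "file_write", "pid": 1000,
     "path": r"C:\Windows\System32\update.dll"},
    {"kind": "process", "pid": 1001, "parent": 1000,
     "image": r"C:\Windows\System32\sc.exe", "cmdline": "sc stop wuauserv"},
    {"kind": "file_read", "pid": 1000,
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

if __name__ == "__main__":
    for name, idx in sorted(triage(SAMPLE_TRACE).items()):
        print(f"{name}: events {idx}")
```

The Drivers and System32 rules deliberately match on the immediate parent directory so that a driver drop does not also count as a System32 drop; a production rule set would more likely use prefix matching and let both fire, as this report does.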
