94fe564e60af7f81256f3aabddb8b85e63125711dced286e189b90fa06039156 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

blurayplay...up.exe

windows10-2004-x64

7

Sharing

General

Target

blurayplayer_setup.exe
Size

99.8MB
Sample

240522-xtnncadb2v
MD5

eaeced27040be15092da9aa0523f3317
SHA1

8f4e7ae995eea5d764f8847845e09780080f7333
SHA256

94fe564e60af7f81256f3aabddb8b85e63125711dced286e189b90fa06039156
SHA512

98219a765929ad080535df05d1acc1ad719fd396cb769fcf786b05bc549bf35505ed59ffc355f35ffc6108fba6f5d3d803cce1d85424223d9145b9af346396cd
SSDEEP

3145728:dwA2g9w7qBTkvdClNfqbJQVGLnn9ZfGCllgFp35XE2zLms:WA25qmdUNfMjjLfflkzXvzLz

Score

7^/10

bootkit discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

blurayplayer_setup.exe

Resource

win10v2004-20240508-es

bootkit discovery persistence spyware stealer

windows10-2004-x64

30 signatures

600 seconds

Malware Config

Targets

- Target
  
  blurayplayer_setup.exe
- Size
  
  99.8MB
- MD5
  
  eaeced27040be15092da9aa0523f3317
- SHA1
  
  8f4e7ae995eea5d764f8847845e09780080f7333
- SHA256
  
  94fe564e60af7f81256f3aabddb8b85e63125711dced286e189b90fa06039156
- SHA512
  
  98219a765929ad080535df05d1acc1ad719fd396cb769fcf786b05bc549bf35505ed59ffc355f35ffc6108fba6f5d3d803cce1d85424223d9145b9af346396cd
- SSDEEP
  
  3145728:dwA2g9w7qBTkvdClNfqbJQVGLnn9ZfGCllgFp35XE2zLms:WA25qmdUNfMjjLfflkzXvzLz
Score

7^/10

bootkit discovery persistence spyware stealer
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy