Overview

overview

10

Static

static

1

BoosterX.exe

windows7-x64

1

BoosterX.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BoosterX.exe

  • Size

    33.2MB

  • Sample

    240528-q7d8haga8z

  • MD5

    8a5510bea4ccd744c30cc7338a2144c1

  • SHA1

    8e96a6e02e5f4da4c5f1bcf60ea402eee4f5be94

  • SHA256

    9d0b6ae05c845ce78318d91b514b46947b2e6f37ffb368a1cefee77ad63faee5

  • SHA512

    a81d5d63d66b508144888f43c9898aaeda88382d9ede39ae8df74114908a0fcf165d62eafd9454dd23887229d366a012faada248e981926e7d1b4b696454476f

  • SSDEEP

    786432:jU/dOrreYCXTZnV2LWrNgwoHNaBy7Dy5ncHkiTSct9:A1OfeZXTZnV2KrMHNj7DDHki1

Score
10/10
adwarediscoveryevasionexecutionexploitpersistencepyinstallerstealertrojanupx

Malware Config

Targets

    • Target

      BoosterX.exe

    • Size

      33.2MB

    • MD5

      8a5510bea4ccd744c30cc7338a2144c1

    • SHA1

      8e96a6e02e5f4da4c5f1bcf60ea402eee4f5be94

    • SHA256

      9d0b6ae05c845ce78318d91b514b46947b2e6f37ffb368a1cefee77ad63faee5

    • SHA512

      a81d5d63d66b508144888f43c9898aaeda88382d9ede39ae8df74114908a0fcf165d62eafd9454dd23887229d366a012faada248e981926e7d1b4b696454476f

    • SSDEEP

      786432:jU/dOrreYCXTZnV2LWrNgwoHNaBy7Dy5ncHkiTSct9:A1OfeZXTZnV2KrMHNj7DDHki1

    Score
    10/10
    adwarediscoveryevasionexecutionexploitpersistencepyinstallerstealertrojanupx

    • Disables service(s)

      evasionexecution

    • Modifies Windows Defender notification settings

      evasiontrojan

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • UAC bypass

      evasiontrojan

    • Modifies boot configuration data using bcdedit

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan

    • Downloads MZ/PE file

    • Drops desktop.ini file(s)

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Modifies Installed Components in the registry

      persistence

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Browser Extensions

1
T1176

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

3
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

3
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

9
T1112

Impair Defenses

3
T1562

Disable or Modify Tools

3
T1562.001

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

File and Directory Permissions Modification

1
T1222

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

System Information Discovery

6
T1082

Query Registry

6
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Service Stop

1
T1489

Resource Development

Reconnaissance

Tasks