General
- Target: BoosterX.exe
- Size: 33.2MB
- Sample: 240528-q7d8haga8z
- MD5: 8a5510bea4ccd744c30cc7338a2144c1
- SHA1: 8e96a6e02e5f4da4c5f1bcf60ea402eee4f5be94
- SHA256: 9d0b6ae05c845ce78318d91b514b46947b2e6f37ffb368a1cefee77ad63faee5
- SHA512: a81d5d63d66b508144888f43c9898aaeda88382d9ede39ae8df74114908a0fcf165d62eafd9454dd23887229d366a012faada248e981926e7d1b4b696454476f
- SSDEEP: 786432:jU/dOrreYCXTZnV2LWrNgwoHNaBy7Dy5ncHkiTSct9:A1OfeZXTZnV2KrMHNj7DDHki1
Static task
- static1
Behavioral task
- behavioral1
  - Sample: BoosterX.exe
  - Resource: win7-20240508-en
Behavioral task
- behavioral2
  - Sample: BoosterX.exe
  - Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: BoosterX.exe
- Size: 33.2MB
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Possible privilege escalation attempt
- Modifies file permissions
- Downloads MZ/PE file
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies Installed Components in the registry
- Sets file execution options in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
MITRE ATT&CK Matrix (ATT&CK v13), technique counts in parentheses
Execution
- System Services (1)
  - Service Execution (1)
- Command and Scripting Interpreter (1)
  - PowerShell (1)
Persistence
- Create or Modify System Process (2)
  - Windows Service (2)
- Browser Extensions (1)
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Event Triggered Execution (1)
  - Change Default File Association (1)
Privilege Escalation
- Create or Modify System Process (2)
  - Windows Service (2)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Event Triggered Execution (1)
  - Change Default File Association (1)
Defense Evasion
- Modify Registry (9)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- File and Directory Permissions Modification (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)