33dc853be9571e4fddcb07ab14fb1d1364394b8904eff403a04129a0efc49c81

Analysis

max time kernel
146s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
03-06-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BoostBotSell/main.exe
Size

16.4MB
MD5

fbcbebbbe48bd23f5e033ba269de7775
SHA1

f26677336a5cdf9dd0317e0eac1eb96f910aad01
SHA256

853d2a54bdc7acbd21f2f6b513dc0cd5ccff02b2020546a23ab1b5aaa0e84931
SHA512

7bc3ed7c4a6a537108d06c65a75ab7fafe729ad78bf15d195619708d83be17b0d8a41273938923c795ecce35a5caa494055c2088d610c035a463a84f50c87d76
SSDEEP

393216:OhQ1Qtc7CEDmlh2p+ZkJTNsu0/3t4Ugj1W:O8Qa7CEDUQp+Zkk5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 35 IoCs

pid	Process
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe
3872	main.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	discord.com
3	discord.com

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 3872	3896	main.exe	79
PID 3896 wrote to memory of 3872	3896	main.exe	79

C:\Users\Admin\AppData\Local\Temp\BoostBotSell\main.exe
"C:\Users\Admin\AppData\Local\Temp\BoostBotSell\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Users\Admin\AppData\Local\Temp\BoostBotSell\main.exe
  "C:\Users\Admin\AppData\Local\Temp\BoostBotSell\main.exe"
  2⤵
  - Loads dropped DLL
  PID:3872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI38962\MSVCP140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\VCRUNTIME140_1.dll

Filesize
35KB

MD5
9cff894542dc399e0a46dee017331edf

SHA1
d1e889d22a5311bd518517537ca98b3520fc99ff

SHA256
b1d3b6b3cdeb5b7b8187767cd86100b76233e7bbb9acf56c64f8288f34b269ca

SHA512
ca254231f12bdfc300712a37d31777ff9d3aa990ccc129129fa724b034f3b59c88ed5006a5f057348fa09a7de4a0c2e0fb479ce06556e2059f919ddd037f239e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_asyncio.pyd

Filesize
63KB

MD5
86c1fa7f84e05043885f0e510508d409

SHA1
397806fdb6dbf7c513c18b0e56032e0eddf4a250

SHA256
69a7e18b4284aee2d796320cb81079ed4419d643dc58f342e2bee83eef1f215b

SHA512
9be67af77324add7641d1d8717a8037abc7d71573310b2df593b6d502193ce07f7a17496ed6b01546d3b9428eac1d043f8decf25be663f14d20c1402b162c76a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_brotli.cp39-win_amd64.pyd

Filesize
861KB

MD5
2c7528407abfd7c6ef08f7bcf2e88e21

SHA1
ee855c0cde407f9a26a9720419bf91d7f1f283a7

SHA256
093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441

SHA512
93e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_bz2.pyd

Filesize
84KB

MD5
e91b4f8e1592da26bacaceb542a220a8

SHA1
5459d4c2147fa6db75211c3ec6166b869738bd38

SHA256
20895fa331712701ebfdbb9ab87e394309e910f1d782929fd65b59ed76d9c90f

SHA512
cb797fa758c65358e5b0fef739181f6b39e0629758a6f8d5c4bd7dc6422001769a19df0c746724fb2567a58708b18bbd098327bfbdf3378426049b113eb848e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_ctypes.pyd

Filesize
124KB

MD5
6fe3827e6704443e588c2701568b5f89

SHA1
ac9325fd29dead82ccd30be3ee7ee91c3aaeb967

SHA256
73acf2e0e28040cd696255abd53caaa811470b17a07c7b4d5a94f346b7474391

SHA512
be2502c006a615df30e61bea138bd1afca30640f39522d18db94df293c71df0a86c88df5fd5d8407daf1ccea6fac012d086212a3b80b8c32ede33b937881533a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_hashlib.pyd

Filesize
64KB

MD5
7c69cb3cb3182a97e3e9a30d2241ebed

SHA1
1b8754ff57a14c32bcadc330d4880382c7fffc93

SHA256
12a84bacb071b1948a9f751ac8d0653ba71a8f6b217a69fe062608e532065c20

SHA512
96dbabbc6b98d473cbe06dcd296f6c6004c485e57ac5ba10560a377393875192b22df8a7103fe4a22795b8d81b8b0ae14ce7646262f87cb609b9e2590a93169e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_lzma.pyd

Filesize
159KB

MD5
493c33ddf375b394b648c4283b326481

SHA1
59c87ee582ba550f064429cb26ad79622c594f08

SHA256
6384ded31408788d35a89dc3f7705ea2928f6bbdeb8b627f0d1b2d7b1ea13e16

SHA512
a4a83f04c7fc321796ce6a932d572dca1ad6ecefd31002320aeaa2453701ed49ef9f0d9ba91c969737565a6512b94fbb0311aee53d355345a03e98f43e6f98b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_overlapped.pyd

Filesize
45KB

MD5
0d41b13272bdf3655470f280009a67e5

SHA1
47285ca0a012fa747ec0f441266c88792847842b

SHA256
8cd7e2c9892146816357c3e045ab7571959f6355f17a2cc6d8e72c184d67be2d

SHA512
2db7d0f2210798bba2fd416876ee2f212c1d153d839f38660e7d0c6e2b5e51d96c7d400b3a477da02aa5027a3701da4341bf96a393997851c79a2ae9fb686945

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_socket.pyd

Filesize
78KB

MD5
fd1cfe0f0023c5780247f11d8d2802c9

SHA1
5b29a3b4c6edb6fa176077e1f1432e3b0178f2bc

SHA256
258a5f0b4d362b2fed80b24eeabcb3cdd1602e32ff79d87225da6d15106b17a6

SHA512
b304a2e56829a557ec401c6fdda78d6d05b7495a610c1ed793d6b25fc5af891cb2a1581addb27ab5e2a6cb0be24d9678f67b97828015161bc875df9b7b5055ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_ssl.pyd

Filesize
151KB

MD5
34b1d4db44fc3b29e8a85dd01432535f

SHA1
3189c207370622c97c7c049c97262d59c6487983

SHA256
e4aa33b312cec5aa5a0b064557576844879e0dccc40047c9d0a769a1d03f03f6

SHA512
f5f3dcd48d01aa56bd0a11eee02c21546440a59791ced2f85cdac81da1848ef367a93ef4f10fa52331ee2edea93cbcc95a0f94c0ccefa5d19e04ae5013563aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\_uuid.pyd

Filesize
22KB

MD5
71ab50ef5e336b855e6289b0ac3e712d

SHA1
e06c3b0d482623393d2e2179de0ff56eb99c4240

SHA256
6f1cc2d6a770f1b441dc6371decae414ea1bd509b0e37b423faa33fc98a28b7e

SHA512
345b4d664f3bc29cfb743a95f78898651f8d3d1ac1365b89690068888202ee58f59f341466f26bb94bd568b67f2d3fcf2e5f022c9c25f2ca25d5baf0aa514682

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\aiohttp\_frozenlist.cp39-win_amd64.pyd

Filesize
63KB

MD5
f2454e08f168a9af3b6aabf41c5488e3

SHA1
3ba72153103db0292c555eba4f43f37bddd43a51

SHA256
6a563a4ddc233ed5f01f8635d590366b5a078ac73a28a82d837f24bec23dd14f

SHA512
3b2008e5ff3009664d7eeafffc3c8bfe420e337177a3f6926314773d65b6622a09b192e893ec50f0b366f356c9b4768358e352cba96127f85f529ce255eb8c93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\aiohttp\_helpers.cp39-win_amd64.pyd

Filesize
47KB

MD5
6815a1c38a30d6ae70027184c09adccf

SHA1
ce5afe856c4445d173c0d524f139d1aed3cc4e65

SHA256
399dfeee9a2f8c6a132c2d4d28931f4c6c0f1d1394de54b182a6457d9143a418

SHA512
efd4fa17a9611ca4337cc667b164e83745bbc4043c226e684957146c9bc2ba37c892940845ec2ff0142d3fe604654a12bf05022782d0c0c3194e4d109b5ebf4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\aiohttp\_http_parser.cp39-win_amd64.pyd

Filesize
230KB

MD5
67946fe0102b3555988a8edd321946c0

SHA1
a93b16df8e9ccbfe2892e4676f58a695cde9604a

SHA256
636a925eb31c3a7de39cb9495613b13570606a0672d3e699cb6983287e0c01e3

SHA512
786a4e6c49f77bf6cffce5c98cbc66d518075309dacc4c3df286d3c3bc21f7c0cf7986bf85e374827ec7951c13acdd031e76c336bd1fb4fd265aa03a8a28dfd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\aiohttp\_http_writer.cp39-win_amd64.pyd

Filesize
41KB

MD5
1a518361de37d98224ff98bf47618ecf

SHA1
f81def8f71d203aaf68774f6e1158ccceb5806bc

SHA256
84e8b37d6fd0162610deb3c1d4887f70e6447850321eea846f860efc2862704b

SHA512
7ffef935ba56e2bbad0c569e63f5d33d83dfc72e10252ee259c6fff9859c4e302405a8c017012a9efa6da40ecc1de1ad3248a89404d8532b78b177a6d2ce305f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\aiohttp\_websocket.cp39-win_amd64.pyd

Filesize
27KB

MD5
5fdb53cff23dc82384c70db00ada94c0

SHA1
c52391eadeafe9933682c7dbee182200b0640688

SHA256
d1c463b5c7a878ef5358a63bb0ea9e87311fe1f416f762bd18b4888c170c647f

SHA512
2d81e2eed6b4f37c4178141a24cf4475d27378a5bad3b6f8af022b185050ee9832de5db31271e5ca6e5e397f2e8a2a36edf9ca7eb6e0a9b918e3e8618c22e60b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\base_library.zip

Filesize
779KB

MD5
3ca045cb85fe4437480ecc8f4b745d5d

SHA1
f40c00afa5c916d73264c8e63acdd3a809af2556

SHA256
bcd1bf27833cec805c27fbb5e259eaea186d34f74e9e8d5394a1c8c01649b2d0

SHA512
c0bacbf5a5270fe4c25a7f1d6efdcaf6f4271509908b89d122b17d48384110ac47e6a78951c46571dee6cc07afd7f13cb419a279e35f1ce375dd1e9ac5e61bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\libcrypto-1_1.dll

Filesize
3.2MB

MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\libssl-1_1.dll

Filesize
674KB

MD5
50bcfb04328fec1a22c31c0e39286470

SHA1
3a1b78faf34125c7b8d684419fa715c367db3daa

SHA256
fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

SHA512
370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\nacl\_sodium.pyd

Filesize
336KB

MD5
f2f8c186dbb91b3dddf6aa7b44ee05d4

SHA1
95eb61564c5191e59ca5e359646e9564d77a6f97

SHA256
ca83a6731e6d49ccb86d94601b148bd4cc36ad89f9cdaae6eec46481047d13ec

SHA512
ae2c2ef8abf304cd9132add4cc2f08c4c5486ad96058351fe101788d014a04cb554dec5fab779f9a2ccb9d13ffac45dca3db89e36de163076e5b4c9ff171738e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\pyexpat.pyd

Filesize
187KB

MD5
96d55e550eb6f991783ece2bca53583d

SHA1
7b46eaae4e499a1f6604d3c81a85a0b827cc0b9e

SHA256
f5d8188c6674cbd814abd1e0dd4e5a8bfadb28e31b5088ae6c4346473b03d17e

SHA512
254b926690a565bc31cae88183745397c99d00b5d5417ab517a8762c8874dff8fcc30a59bda1cd41b0e19e2d807ac417293a3a001005996a5d4db43b9b14d5eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\python3.DLL

Filesize
58KB

MD5
e438f5470c5c1cb5ddbe02b59e13ad2c

SHA1
ec58741bf0be7f97525f4b867869a3b536e68589

SHA256
1dc81d8066d44480163233f249468039d3de97e91937965e7a369ae1499013da

SHA512
bd8012b167dd37bd5b57521ca91ad2c9891a61866558f2cc8e80bb029d6f7d73c758fb5be7a181562640011e8b4b54afa3a12434ba00f445c1a87b52552429d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\python39.dll

Filesize
4.3MB

MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\pythoncom39.dll

Filesize
543KB

MD5
3d4173aaa79ba343f2aa7c1ef69171cc

SHA1
43f410e02c0b5b8f7dc8c2ebf82c7584050f5674

SHA256
bceebaba98080a11b7eb83c8d43357a8b3387eeb03f40acccd834cf8f47316a1

SHA512
76322c3646050559695355a931d310283e9672cf95742de676884e9810a5440f2b13d84f007bae8d996d67ab20d546cd616eeeb7a47f0cfe63424c901c9dddf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\pywintypes39.dll

Filesize
139KB

MD5
977f7ef232671b94251d8eaddd15390d

SHA1
97d9035a5f21df0267f4ae8cd203a92917aab970

SHA256
4ece6771f1206b99dba4e5cf988051472f530bf90bb3114d3fd7377b3f34dfa6

SHA512
1f556c661d3dd963cd563230a1ac1707905ffbfb3d76081f3dd316b40ce55ce1bfcc431f744de98ab3249760d4386cccd54a483b01f98017ff75c6603d316988

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\select.pyd

Filesize
28KB

MD5
0e3cf5d792a3f543be8bbc186b97a27a

SHA1
50f4c70fce31504c6b746a2c8d9754a16ebc8d5e

SHA256
c7ffae6dc927cf10ac5da08614912bb3ad8fc52aa0ef9bc376d831e72dd74460

SHA512
224b42e05b4dbdf7275ee7c5d3eb190024fc55e22e38bd189c1685efee2a3dd527c6dfcb2feeec525b8d6dc35aded1eac2423ed62bb2599bb6a9ea34e842c340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\unicodedata.pyd

Filesize
1.1MB

MD5
7af51031368619638cca688a7275db14

SHA1
64e2cc5ac5afe8a65af690047dc03858157e964c

SHA256
7f02a99a23cc3ff63ecb10ba6006e2da7bf685530bad43882ebf90d042b9eeb6

SHA512
fbde24501288ff9b06fc96faff5e7a1849765df239e816774c04a4a6ef54a0c641adf4325bfb116952082d3234baef12288174ad8c18b62407109f29aa5ab326

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\wheel-0.37.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\win32api.pyd

Filesize
131KB

MD5
0afa0ac73c1659570e529f51f3a0d8c6

SHA1
f4f7d659bcac3409395aa92a72ba90d0c7db204f

SHA256
b541e3d53be2db7da8e1c16496958fc6c8034ccc8ac763fd00e4a6fbd1162944

SHA512
0bb76bd92cbbd8f1f42a309b9f17124136032a41f7e75977fff4e208794218ed01574c7253a75fa7254cfcdb5f7920ebd8847fff9e851c3a6559eb6ed80590fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38962\yarl\_quoting_c.cp39-win_amd64.pyd

Filesize
78KB

MD5
584a1c4fdc8ebf52a8d80858ea778136

SHA1
cd7b89c764d2f8108b8731f180d4301512ba44a1

SHA256
092138b87464109479c49a57ad3d48cdfffac2a05d27e1f79de6327e074d34c2

SHA512
7fc6064a6531fafd5446ab106223b6f51fe7150861ebf77a7a61a44fb7d16e51757857884a5a6f7efb2d8535e0a79ca9ea4cf7cac22d2e869e128f90a255ecc9

Download Submit