General

  • Target

    Boost bot leaked by LT.rar

  • Size

    16.4MB

  • Sample

    240604-km9wsabg36

  • MD5

    21ef1e69b71dc155a733431adc931d22

  • SHA1

    48969bf6461ddd459a8a80ce853ef430fb39cf23

  • SHA256

    33dc853be9571e4fddcb07ab14fb1d1364394b8904eff403a04129a0efc49c81

  • SHA512

    d57ecf799f6b23d64437a7cbfce007b7c14cda47dda22a5e5ac341bd0bf658d2f5f975462039e59934f1212a45c5846df9db8e2378284121822afb3ea4588135

  • SSDEEP

    393216:kj8ZbX6ERnGrk2Du+ilETd9ieVljRzai27nyMilUxgFa81oU1:kSVcrfy7lid97LJaiAR38H1

Score
7/10

Targets

    • Target

      Boost bot leaked by LT.rar

    • Size

      16.4MB

    • MD5

      21ef1e69b71dc155a733431adc931d22

    • SHA1

      48969bf6461ddd459a8a80ce853ef430fb39cf23

    • SHA256

      33dc853be9571e4fddcb07ab14fb1d1364394b8904eff403a04129a0efc49c81

    • SHA512

      d57ecf799f6b23d64437a7cbfce007b7c14cda47dda22a5e5ac341bd0bf658d2f5f975462039e59934f1212a45c5846df9db8e2378284121822afb3ea4588135

    • SSDEEP

      393216:kj8ZbX6ERnGrk2Du+ilETd9ieVljRzai27nyMilUxgFa81oU1:kSVcrfy7lid97LJaiAR38H1

    Score
    3/10
    • Target

      BoostBotSell/install.bat

    • Size

      135B

    • MD5

      cfdd23d467f70c2b97d86a534f745413

    • SHA1

      fefdbf3124fe53483c305dd14548665014535d99

    • SHA256

      e710bae129a263ef319ae32ca255f87733a5ad5dd3dd190fa52042f207827296

    • SHA512

      9655dc7c2123bb1988abd548c2ff3a3b8744ba756c191e82ce36669a506feb5500295a9a4e71be54565fd4bae3e2a908abbf62ecf088ef4ab687bc946f260427

    Score
    1/10
    • Target

      BoostBotSell/main.exe

    • Size

      16.4MB

    • MD5

      fbcbebbbe48bd23f5e033ba269de7775

    • SHA1

      f26677336a5cdf9dd0317e0eac1eb96f910aad01

    • SHA256

      853d2a54bdc7acbd21f2f6b513dc0cd5ccff02b2020546a23ab1b5aaa0e84931

    • SHA512

      7bc3ed7c4a6a537108d06c65a75ab7fafe729ad78bf15d195619708d83be17b0d8a41273938923c795ecce35a5caa494055c2088d610c035a463a84f50c87d76

    • SSDEEP

      393216:OhQ1Qtc7CEDmlh2p+ZkJTNsu0/3t4Ugj1W:O8Qa7CEDUQp+Zkk5

    Score
    7/10
    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      main.pyc

    • Size

      16KB

    • MD5

      cec9bf91a2653768529acd2e126912de

    • SHA1

      3936ed717181f9996236bb52f5ebd67a1bdccdee

    • SHA256

      eacf70a1cd705367ec2d63fc0b2adb5956825fb13a8800aae442e691f96c92ea

    • SHA512

      3a20be069d785f2969023483855ebcd30afadef839a6bcb7c7c8ced908c366b2ea93c569ce52681eec1cb94c3de0f3f136ce231b132328b4acf6ee9ada96e69b

    • SSDEEP

      192:jL0aKC3o7mFyhG8AuZTYQHdFK518GKPSJQpMd0Zv0BAiHzAvzDHepSE2DIgst:Hzy7xh2uVYqE518GKKJ4LA/A0gI

    Score
    3/10
    • Target

      BoostBotSell/pytransform/__init__.py

    • Size

      13KB

    • MD5

      58eb86eef7db4dd2a4e2ec8f52bd7521

    • SHA1

      858e8e7966a3c1756be1df24c81673b2c5e8e288

    • SHA256

      380c08b75906042d18e73b0d2654eb03043098984caa27ab454548fd93a3aa08

    • SHA512

      f0938d52fb19df5263302abba8ef9af1a4e0e80a40e7415ff82a5ab3c260eec251eeb890d0ececba7044b7d86c3b67da5b6499dce05ec8ddf591d162d29c6aa0

    • SSDEEP

      192:sIRqMEqbHCTMRNpyRW3T+3JbgDIFRuJFX9d1X2wiQvZh7kELPJdhGbc8/SHRl3RJ:sFwfIuXFXZNjlh8c

    Score
    3/10
    • Target

      BoostBotSell/pytransform/__pycache__/__init__.cpython-39.pyc

    • Size

      11KB

    • MD5

      65964c3ddfb3b18381202d1479e675a5

    • SHA1

      d88d88725592012b6675c08e6ed66c2cc1f7cfcf

    • SHA256

      c7b2417f6734caa7edd20737bcec3578f2cd676bb5ca1a88000604cf528e8433

    • SHA512

      4f5b5a594de0cec38fa29687c6c0d1608a32a5ce67376c89222c06d0e7e28f5d1731dc24d3039300082c0039a4e196de34ea996d1f010e7e01f4e715b7112edc

    • SSDEEP

      192:zQ8jNNSxHry+RJ+mXQWI7Gptxv4yqbSP8HsmL/gHvzrzhzwgK:k8qRD2glRpLv4yq2P8sPzrzo

    Score
    3/10
    • Target

      BoostBotSell/pytransform/_pytransform.dll

    • Size

      1.1MB

    • MD5

      88e3acb88b6ee62979d833cffe03bc58

    • SHA1

      090300946506a5a4acb44a9d202eaec58b4de271

    • SHA256

      3ffb5a714a87f3f790621a8e94b71e614c24a60097d592d8211c2682caa1d1ed

    • SHA512

      748d4c173678305c79c7c471428cf27ac38408bbb5791e3e33760a533ebb9dbc85d75b6ca3a71a28653621239302c883eef7157cb9f7a05e347bc598a22757d3

    • SSDEEP

      24576:0IGAamncZzdcZ7fUoPPEMz/0n71enodvQa90:EAamncge7zvP9

    Score
    1/10
    • Target

      BoostBotSell/readme.txt

    • Size

      1KB

    • MD5

      6f78634bad86ad23046ecc5e7cd1eb98

    • SHA1

      55a1cb43abc7cfebac88441013719bc68b62da95

    • SHA256

      ffb1ca7268b86a355ebfd6932a0860cba110f49d4cf4e4d2e157b6cc644954c6

    • SHA512

      fc87748be08df77560238aa7f4b2093b733fa513e562530977a5e76f8e569557e2e346ee3413d6c7339c356b4d63705a884a5e1056412dd9e80af77c9393217f

    Score
    3/10
    • Target

      BoostBotSell/requirements.txt

    • Size

      50B

    • MD5

      5bbaf88c492e630baefb70a2c0c1d73f

    • SHA1

      14d0582ec810e8d28f01a0f13b4a91c3c3e652fa

    • SHA256

      904df6b144d8aed83fc5972e73b42673f4e983f40f4deb8b58ecb90fbd344f5c

    • SHA512

      f645f68e3249b345b285eab65a5b353bb1ea4c39c12da294b2043367549bcaddb9be01dc5dd2ff9cf1cceaad07b472d6359fbff65952b90c4f396fff155fbb73

    Score
    3/10
    • Target

      BoostBotSell/settings.json

    • Size

      190B

    • MD5

      c09fcb7c4fabcaa902c202895fa4eca1

    • SHA1

      d96f18434012dd612a97263729789a1c0e7cb537

    • SHA256

      5a3873cd24c0c6a847138ad15289f175e969e2ff405d8c765b67bd93a7f10afc

    • SHA512

      85e663416be537d5059236839d0ef6bfe2d11f3a4330808108021a16205cf77098ff6c202a6338202d64776a413e29c431cd6a57b74cbde9e140016dedee073d

    Score
    3/10
    • Target

      BoostBotSell/todobeforestart.txt

    • Size

      996B

    • MD5

      64e6136a80dc5f49484bd53b7ad71d0e

    • SHA1

      d667d6457c844dc0dac82a1d07b9398e415f8a35

    • SHA256

      ea47be6555d921c3e52d2e47e9b5c204d0afddff6d621057033dd1c6c776507a

    • SHA512

      cd6ec58b48bb379d23c06e8783f8f4e559984b3dbd519f3f256b7cb60f3fc998066b57c68ec37e18c399ab42d9dbda044d56959a790df7503f426f8939291b03

    Score
    3/10
    • Target

      BoostBotSell/used.json

    • Size

      2B

    • MD5

      99914b932bd37a50b983c5e7c90ae93b

    • SHA1

      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

    • SHA256

      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

    • SHA512

      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

    Score
    3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • System Information Discovery (T1082): 9

Command and Control

  • Web Service (T1102): 1
