c16fb37174db73f6d6070a87c43beda40357452e1e7ca344fe457b836c9d6976

Sharing

Copy URL

Twitter E-mail

General

Target

tool-boost-funk-boost.zip
Size

12KB
Sample

240609-s7kfmacg65
MD5

17c20cc6649111ec418827562a71516a
SHA1

d54a513da346dfd8b47974bc4948852044790ced
SHA256

c16fb37174db73f6d6070a87c43beda40357452e1e7ca344fe457b836c9d6976
SHA512

c662b5cfc66622ead5847fb38237f93912ab85ee214d20743de319f00676dccc948fb1a971b32603a67bdbcfc57b6c2b1e2230af3f9e20a254c1f74a8aa0199b
SSDEEP

384:Las0XAYAWQjjTOAl5cH/9oIVTMXj/KaO6w:GnQYApjjiAl5c6mTwLKow

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1186759970017005689/1203466731985829998/boost.exe

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/IWcommunityFR/tool-boost-funk/releases/download/boost/boost.exe

Targets

- Target
  
  tool-boost-funk-boost.zip
- Size
  
  12KB
- MD5
  
  17c20cc6649111ec418827562a71516a
- SHA1
  
  d54a513da346dfd8b47974bc4948852044790ced
- SHA256
  
  c16fb37174db73f6d6070a87c43beda40357452e1e7ca344fe457b836c9d6976
- SHA512
  
  c662b5cfc66622ead5847fb38237f93912ab85ee214d20743de319f00676dccc948fb1a971b32603a67bdbcfc57b6c2b1e2230af3f9e20a254c1f74a8aa0199b
- SSDEEP
  
  384:Las0XAYAWQjjTOAl5cH/9oIVTMXj/KaO6w:GnQYApjjiAl5c6mTwLKow
Score

1^/10
behavioral1 behavioral2
- Target
  
  tool-boost-funk-boost/README.md
- Size
  
  768B
- MD5
  
  1f6c0d77f3af20bed06b600044711dfb
- SHA1
  
  88fc060965073fc357cca3be3f1d585b23e4815a
- SHA256
  
  e862b7f17a2f78c22a5e7b50f6459c9c77b32e326e8e71c79144728e3be3ebe0
- SHA512
  
  8f2848e06e8de0d9fa598d0658a2f8c1f527d4aafc879cd1d65dfd0ace0d8bafcc773ea25a0c3404728e4a9b2ca90f9c77b4b41222ea66cfd2735c296ebdce18
Score

3^/10
behavioral3 behavioral4
- Target
  
  tool-boost-funk-boost/boosting.py
- Size
  
  17KB
- MD5
  
  b671067b66c0f303fd3b47ecad4942b0
- SHA1
  
  973cdb0368d06b115ae76cab6dae17c52023cdcf
- SHA256
  
  c78d7b4beaa39bafbb4bbac6b749918fe7f35ec937c162a9dd22563829c4276e
- SHA512
  
  a95eefa785ed461fbbc966d3c2610b3c9e27dea2e088ed17684dfa50c6620803e89b3aed9ef8cf594e887377ab80fcaaa4f3260d84a83cff9a79a81d0953078e
- SSDEEP
  
  384:zF4KxTg3yTM7TMTMRTMTLs3AwG+QpBuAr7ZTb58STiTHN:2IZKwMdwEA5+QPuk7ZTb58eOHN
Score

3^/10
behavioral5 behavioral6
- Target
  
  tool-boost-funk-boost/config.json
- Size
  
  178B
- MD5
  
  a4a3db49f2a6d099608bd16fb1193458
- SHA1
  
  fa0996f79324f63b3da639ef271d2dacee4604d4
- SHA256
  
  f5187f2d24a92a1c8897c307a3417ed26da2333d7c700d75ddff70876c4fa1df
- SHA512
  
  adbe692b759b5d661a6aa477d0af9b4acc2b6bb51ced43f366bc162a26d14a684176fa82bd6de76cb43f406c16bc72d60837f95296683882c286088c0e5a5d99
Score

3^/10
behavioral7 behavioral8
- Target
  
  tool-boost-funk-boost/fingerprints.json
- Size
  
  13KB
- MD5
  
  62ff0af0b53bfea43739cb083162f7db
- SHA1
  
  4526babf984f40bfe61f1c5a165d92e57e7bdbd8
- SHA256
  
  e7996b61449fbfa88a6ac049690410d7bc19ad30b2ced99a344a4f28cee77df2
- SHA512
  
  75026771b7fc6cc58feaf0a55354cebc4f4b26549af9e49e0aed92149c9dac9ce50f601c622bf4ac21780531c0ae22be4baf1dfc37025947ddcf5af9c5bd4389
- SSDEEP
  
  384:Tp+c0YjB+X+o+V0Yj8+R+/0Yj4+b+e+60Yj:tb0k+hI07Mu05ktp06
Score

3^/10
behavioral10 behavioral9
- Target
  
  tool-boost-funk-boost/input/proxies.txt
- Size
  
  205B
- MD5
  
  0398894e590769a3f734804eecfeaaff
- SHA1
  
  483b0322c79dd6c33e658e2f575fdeeb3f730f89
- SHA256
  
  1aaacf3ec595c32b945bb14e0c20cf9fe043270f48de21cde0c23b4e88c6a809
- SHA512
  
  390f25a865a2f904f5ab14b4a1e43f302a93c76dfd15cea3d16017804e139bbc9bf2d0e11a130047b93aff1f96bb28ad45af41b792831d048a91994b1fa8dc06
Score

1^/10
behavioral11 behavioral12
- Target
  
  tool-boost-funk-boost/install.cmd
- Size
  
  1KB
- MD5
  
  855d939ccba31eea9642590da637b185
- SHA1
  
  c776222f87406ebaf15b8907808623e4f5624d0c
- SHA256
  
  df728f23ff74320e4cf317c33470602f160132aecff1416692b403d3ab17062d
- SHA512
  
  9dd853e8f1cba2ebc87ccee3ea391cc2517e842c94d201bb3232e6b16177feebb35daf078d41da5fc3fb2377d7246750dfc61c707cb9d160a4f9ebeba50c3936
Score

10^/10
- Blocklisted process makes network request
behavioral13 behavioral14
- Target
  
  tool-boost-funk-boost/keyauth.py
- Size
  
  20KB
- MD5
  
  c157a5496487354c7015572e8d69a0a2
- SHA1
  
  acc9cba96bb1338e15054df5b21a77615146ea3e
- SHA256
  
  4a07961411041bb06b08fd35b46e3f6814c7754f4629d689142d4da7d7424069
- SHA512
  
  5f775dcb30d6e01b63b88915873b9c76676601aac843ba5ba13f82a7ed1441237ff97a6d7092ebdff8e0545acc15b4542371d29fc22dfb9a7fa434f2a1bd1ad6
- SSDEEP
  
  384:BwzmXsqos8E0bA8vKhi/IExArtnAwmNCtXD2xC1RDcFinlvRElXAKblNK0WaMJQI:BwzmXsqos8E0bA8vKhi/IExArtnAwmNQ
Score

3^/10
behavioral15 behavioral16
- Target
  
  tool-boost-funk-boost/module.txt
- Size
  
  1KB
- MD5
  
  e04af783385386d7586121bca77c02cf
- SHA1
  
  51943861c301779b65fd43e42965be4228377e79
- SHA256
  
  e54e73b7db62518246a003876e700b3f8f94a66e1c9e2bf159845911b37a974b
- SHA512
  
  a2b49cb3e90704b710f904433a89541a4b6386612f24eb8e072697cda10aead2330b7dafd21028eead7109b58381692563f49a5b9a51f4dcc9d98b6c332c872b
Score

1^/10
behavioral17 behavioral18
- Target
  
  tool-boost-funk-boost/start.bat
- Size
  
  304B
- MD5
  
  57e40f471c7f83b49f8c0f5ad7d51984
- SHA1
  
  fd23d49f1d6bc0b159e0630a07ef6b9c7a4f70ed
- SHA256
  
  30106881ca3c6d9aa425dce7242d35aa04e12bfd01e3082817be9492c5a6779b
- SHA512
  
  4a9682e72eb0ac5b21e1246fc6f3bab4b3c76e4c7826c1a871dcbdc179664c48847e4e9f7588edbcd4622bb151db4ffae7db539c37ba669a29f6a5c264fcadb9
Score

10^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20