General

  • Target

    BoosterX.exe

  • Size

    37.9MB

  • Sample

    240625-t8knfstgkm

  • MD5

    17afd7f581bfea1fab938cd12322b47b

  • SHA1

    e6f23c799808055e997929ca1a88ffd9076586d9

  • SHA256

    f67c4b50bb28f9dbf9bc47c8e67199f09d7e9fcb43d09d387dd44d2c0ec947c9

  • SHA512

    667b767591058cb073116fdc54d1d298a043687731192d8c906280e2d1e23a7d80dcd93764dfdcbb85f626dd4db4de2db0698a9757c866a6594327acc1a7e602

  • SSDEEP

    786432:8YS04r/qdtRcQdrXE9PHqKcQE/jJVrfwI701TG8M3nQBewouTtRLzl:8YSdr/q7I9vqKMJw1TGTQtNl

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs commands via powershell.exe.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Modifies boot configuration data using bcdedit

MITRE ATT&CK Enterprise v15

Tasks