General

Target: BoosterX.exe
Size: 37.9 MB
Sample: 240625-t8knfstgkm
MD5: 17afd7f581bfea1fab938cd12322b47b
SHA1: e6f23c799808055e997929ca1a88ffd9076586d9
SHA256: f67c4b50bb28f9dbf9bc47c8e67199f09d7e9fcb43d09d387dd44d2c0ec947c9
SHA512: 667b767591058cb073116fdc54d1d298a043687731192d8c906280e2d1e23a7d80dcd93764dfdcbb85f626dd4db4de2db0698a9757c866a6594327acc1a7e602
SSDEEP: 786432:8YS04r/qdtRcQdrXE9PHqKcQE/jJVrfwI701TG8M3nQBewouTtRLzl:8YSdr/q7I9vqKMJw1TGTQtNl
Behavioral task: behavioral1
Sample: BoosterX.exe
Resource: win7-20240221-en

Malware Config

Targets

Target: BoosterX.exe (37.9 MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

Signatures triggered:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE: runs an executable that the sample itself wrote to disk.
- Loads dropped DLL: loads a library that the sample itself wrote to disk.
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies boot configuration data using bcdedit.
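The signature list above is what a sandbox infers from raw telemetry: registry queries, file writes followed by executions or image loads, DNS lookups and child process command lines. The following script is an added example, not code from the sandbox or from this report, that reproduces the same seven verdicts over a constructed event stream. The registry keys, wallet paths, IP-lookup hosts and the bcdedit command line are assumptions about what such a sample typically touches; the report names only the behaviours, not the exact artifacts. The "dropped EXE/DLL" logic is stateful on purpose: a file only counts as dropped if a tracked process wrote it first, and a dropped EXE that is executed becomes tracked so its own activity is attributed to the sample.

```python
import re

# Signature names exactly as they appear in the sandbox report above.
SIG_GEOFENCE = "Checks computer location settings"
SIG_DROPPED_EXE = "Executes dropped EXE"
SIG_DROPPED_DLL = "Loads dropped DLL"
SIG_WALLETS = "Accesses cryptocurrency files/wallets, possible credential harvesting"
SIG_INSTALLED_SW = "Checks installed software on the system"
SIG_EXTERNAL_IP = "Looks up external IP address via web service"
SIG_BCDEDIT = "Modifies boot configuration data using bcdedit"

# Indicators behind each signature. The report names the behaviours, not the exact
# keys, hosts or paths; the values below are the usual locations (assumptions).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(r"\\Windows\\CurrentVersion\\Uninstall\\", re.IGNORECASE)
WALLET_PATH_RE = re.compile(
    r"(\\Exodus\\|\\Electrum\\wallets\\|\\Ethereum\\keystore\\|\\wallet\.dat$)", re.IGNORECASE)
# Only bcdedit verbs that change the boot store count; "bcdedit /enum" is read-only.
BCDEDIT_RE = re.compile(r'(^|\\)bcdedit(\.exe)?"?\s+/(set|deletevalue|delete|import)\b', re.IGNORECASE)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com", "checkip.amazonaws.com"}


class Triage:
    """Stateful matcher: attributes events to the sample and to the files it drops and runs."""

    def __init__(self, sample_image):
        self.tracked = {sample_image.lower()}   # images attributed to the sample
        self.dropped = set()                    # files written by tracked images
        self.hits = set()

    def feed(self, event):
        if event.get("image", "").lower() not in self.tracked:
            return                              # noise from unrelated processes
        kind = event["type"]
        if kind == "file_write":
            self.dropped.add(event["path"].lower())
        elif kind == "process_create":
            target = event["target_image"].lower()
            if target in self.dropped:          # the sample ran something it wrote itself
                self.hits.add(SIG_DROPPED_EXE)
                self.tracked.add(target)        # follow the child from now on
            if BCDEDIT_RE.search(event.get("command_line", "")):
                self.hits.add(SIG_BCDEDIT)
        elif kind == "image_load":
            if event["path"].lower() in self.dropped:
                self.hits.add(SIG_DROPPED_DLL)
        elif kind == "registry_query":
            if GEO_KEY_RE.search(event["path"]):
                self.hits.add(SIG_GEOFENCE)
            if UNINSTALL_KEY_RE.search(event["path"]):
                self.hits.add(SIG_INSTALLED_SW)
        elif kind == "file_read":
            if WALLET_PATH_RE.search(event["path"]):
                self.hits.add(SIG_WALLETS)
        elif kind == "dns_query":
            if event["host"].lower() in IP_LOOKUP_HOSTS:
                self.hits.add(SIG_EXTERNAL_IP)


# Constructed telemetry for illustration; not taken from the sandbox run.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\BoosterX.exe"
DROPPED_EXE = r"C:\Users\Admin\AppData\Local\Temp\svc.exe"
DROPPED_DLL = r"C:\Users\Admin\AppData\Local\Temp\helper.dll"
EVENTS = [
    {"type": "registry_query", "image": SAMPLE, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_query", "image": SAMPLE,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "file_write", "image": SAMPLE, "path": DROPPED_EXE},
    {"type": "file_write", "image": SAMPLE, "path": DROPPED_DLL},
    {"type": "process_create", "image": SAMPLE, "target_image": DROPPED_EXE, "command_line": "svc.exe"},
    {"type": "image_load", "image": DROPPED_EXE, "path": DROPPED_DLL},
    {"type": "file_read", "image": DROPPED_EXE,
     "path": r"C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "dns_query", "image": SAMPLE, "host": "api.ipify.org"},
    {"type": "process_create", "image": SAMPLE, "target_image": r"C:\Windows\System32\bcdedit.exe",
     "command_line": r'"C:\Windows\System32\bcdedit.exe" /set {default} recoveryenabled No'},
    # Unrelated process doing the same registry lookup must not be attributed to the sample.
    {"type": "registry_query", "image": r"C:\Windows\explorer.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
]


def run(events=EVENTS, sample=SAMPLE):
    """Feed every event through one Triage instance and return the matched signature names."""
    triage = Triage(sample)
    for event in events:
        triage.feed(event)
    return triage.hits


if __name__ == "__main__":
    for name in sorted(run()):
        print(name)
```

The ordering matters: the wallet read and the DLL load are performed by svc.exe, which is only attributed to the sample because the earlier file_write and process_create events were seen first. Replaying events out of order, or starting collection after the drop, loses both verdicts, which is why sandbox reports should be read alongside the full process tree rather than the signature list alone.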