General
-
Target
Bootprotected.exe
-
Size
19.1MB
-
Sample
240822-pzc5sszgrn
-
MD5
d43a35cad32ed44fd0dbd33ce37b336d
-
SHA1
20184bcf53ca7ac4dba91d4ed3dbb3b2667e1d5e
-
SHA256
846d9455f88b5f86d0234510a05fb75bffdbb3111e523eca6b8aeddf744ccca7
-
SHA512
a858ebfb4f1d0f64914e779fc423cdf9f93e1af7a7862b8af1e888ad585f6ba093b7809a45b8c318050a1af0660f0900612de0255be92eb21e6f218127022d65
-
SSDEEP
393216:aZ4k9ao9Dvafl7v5tve+7/pWbm5RDHspriWdp9w0P5Yj6Hm:aZLp97afl7vDve+7/pWafnOvKj6G
Malware Config
Targets
-
-
Target
Bootprotected.exe
-
Size
19.1MB
-
MD5
d43a35cad32ed44fd0dbd33ce37b336d
-
SHA1
20184bcf53ca7ac4dba91d4ed3dbb3b2667e1d5e
-
SHA256
846d9455f88b5f86d0234510a05fb75bffdbb3111e523eca6b8aeddf744ccca7
-
SHA512
a858ebfb4f1d0f64914e779fc423cdf9f93e1af7a7862b8af1e888ad585f6ba093b7809a45b8c318050a1af0660f0900612de0255be92eb21e6f218127022d65
-
SSDEEP
393216:aZ4k9ao9Dvafl7v5tve+7/pWbm5RDHspriWdp9w0P5Yj6Hm:aZLp97afl7vDve+7/pWafnOvKj6G
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1