Overview

overview

7

Static

static

1

GotoHTTP.exe

windows10-1703-x64

Resubmissions

14/09/2024, 16:21

240914-ttxz8stdpf 6

14/09/2024, 16:21

240914-ttl8qsshjr 6

14/09/2024, 11:16

240914-ndcrga1bkj 7

13/09/2024, 18:55

240913-xkts1atbld 10

13/09/2024, 18:46

240913-xe1dlasgna 10

13/09/2024, 18:30

240913-w5rnpsscpb 10

13/09/2024, 18:13

240913-wtsfvs1gka 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gotohttp.zip

  • Size

    1.2MB

  • Sample

    240914-ndcrga1bkj

  • MD5

    2121d851176dd98f7e1f11d0f66ddb95

  • SHA1

    a6496cc6f71c5b8a1abe4f0d2809a93862a15f20

  • SHA256

    c2094496f601ba3d32f71b98cfc264bb4565db59f35ba8611f15378879f11b89

  • SHA512

    fefec02ea316711ea5e6fe3c833ef922b018262f6639cc8777eac8c45f838b7822ad438a3116824551a457352bf0447a4847e7496282f0b52468ad63462d3478

  • SSDEEP

    24576:2JuVLoe3YRZ2EHHrrh1V295GmtV6k6hZLSitQF/SWUTLo+myAsUmRO/y6F8rdt/H:B6c+Hrt3ugm+kgLSVmLokUjnMdtoG

Score
7/10
bootkitdiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Targets

    • Target

      GotoHTTP.exe

    • Size

      2.7MB

    • MD5

      9c2aeb99843094262e5038fd152a7db1

    • SHA1

      7596f6274f2ac19d4d1df5a718a561acfd730d3c

    • SHA256

      b1a74465a8c446d1b86d5984defdc18c9c06ad6107b7eb147f37df9b78cda104

    • SHA512

      6954589cf045cf93cc0ed486fca70f20f02781129297852cc92f25e9b50c446805dca8e724b953b8aa8da123f5e67d159625f1cc9e8a96085b52f44b3c8a4347

    • SSDEEP

      49152:P2oh8doKrZmeR5B1qf5LVohWStiOtg01HTulXG:wZmenaVohWSsOtg0wQ

    Score
    7/10
    bootkitdiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Modify Registry

3
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Query Registry

5
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks