Overview

overview

8

Static

static

3

268f0b8058...11.exe

windows7-x64

8

268f0b8058...11.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    268f0b80587f93f6f62189837f60701bcb2a287b9c9cb57816c6ba39b60f7511

  • Size

    160KB

  • Sample

    241014-ylcfsatbke

  • MD5

    046569015a20f20f7b650d90d74f09c1

  • SHA1

    a46cc46e325c353726c362b47b75b1caee0b0b1a

  • SHA256

    268f0b80587f93f6f62189837f60701bcb2a287b9c9cb57816c6ba39b60f7511

  • SHA512

    cd9338b069e00eb2f7273586efa7bac109f32fc36156e3232c14f02120e9ecbd0126155801e034c7ee2be849e3aeba176df0d514a171d3e05e31fa16c643ec6b

  • SSDEEP

    1536:MRiAXaKD5gixq7OstjzjW6ZdjtETzR77i11GAbRp0BGiEA0O0o:6iAXaKD7Ia6KTdNAbzSGiN0OJ

Score
8/10
bootkitdiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      268f0b80587f93f6f62189837f60701bcb2a287b9c9cb57816c6ba39b60f7511

    • Size

      160KB

    • MD5

      046569015a20f20f7b650d90d74f09c1

    • SHA1

      a46cc46e325c353726c362b47b75b1caee0b0b1a

    • SHA256

      268f0b80587f93f6f62189837f60701bcb2a287b9c9cb57816c6ba39b60f7511

    • SHA512

      cd9338b069e00eb2f7273586efa7bac109f32fc36156e3232c14f02120e9ecbd0126155801e034c7ee2be849e3aeba176df0d514a171d3e05e31fa16c643ec6b

    • SSDEEP

      1536:MRiAXaKD5gixq7OstjzjW6ZdjtETzR77i11GAbRp0BGiEA0O0o:6iAXaKD7Ia6KTdNAbzSGiN0OJ

    Score
    8/10
    bootkitdiscoverypersistencespywarestealer

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

Remote System Discovery

1
T1018

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.