General
-
Target
boosttool.exe
-
Size
17.8MB
-
Sample
241027-t9rhdsxkgp
-
MD5
15eb3faa3bbf403431ef6fba76a31fba
-
SHA1
93ebb4f64459b2b4fd646d9976e8381546d6267a
-
SHA256
6ce143b78d8f6163cdebca6c3a13877efda7337c14ffe5b50faf431eb77def56
-
SHA512
db2572ef55b247a26d2d4e92253d470009a3b23818c929b1cdde1227c511098aadb43a443dc89213163cf950d23475129a943d00dde1be9a6f9509147908713a
-
SSDEEP
393216:gqPnLFXlr2Q+DOETgsvfGMMg38gvEusDJmDaq:hPLFXN2Q/EM+8ZxDu
Malware Config
Targets
-
-
Target
boosttool.exe
-
Size
17.8MB
-
MD5
15eb3faa3bbf403431ef6fba76a31fba
-
SHA1
93ebb4f64459b2b4fd646d9976e8381546d6267a
-
SHA256
6ce143b78d8f6163cdebca6c3a13877efda7337c14ffe5b50faf431eb77def56
-
SHA512
db2572ef55b247a26d2d4e92253d470009a3b23818c929b1cdde1227c511098aadb43a443dc89213163cf950d23475129a943d00dde1be9a6f9509147908713a
-
SSDEEP
393216:gqPnLFXlr2Q+DOETgsvfGMMg38gvEusDJmDaq:hPLFXN2Q/EM+8ZxDu
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
main.pyc
-
Size
7KB
-
MD5
eb9dc4754d9f71704d6e8bd464c27516
-
SHA1
7a95624ff8512e3baaa597418379530db660669e
-
SHA256
ac504f690d2524a3d479400a52c0b830f7926e37bad98ba30dacb4ac8eaf3de4
-
SHA512
6bf98996e64f024ce2ca677e56524bef35801ce72935d4f12c75b87f0dee32a37574798835b7da169599ec2da68c4db5810b263fa6afb73b144ce5babb2f5bc0
-
SSDEEP
192:wINZXxGW6GOD82s84WdXwbaikTHr1JhwkcUuMdwtnw:vDrQ6WuOLb2XLPtw
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1