Overview

overview

8

Static

static

7

7e63d9480a...60.dll

windows7-x64

8

7e63d9480a...60.dll

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7e63d9480a707ee49490f753c57959a97b207212a668312dd7302df658452160.dll

  • Size

    128KB

  • Sample

    241120-dd9q4azdlp

  • MD5

    82b8e2d9302f9ddf403b5a7c608ab4b7

  • SHA1

    b2d7c36479fdec9065b4090159f1c22ce3ae78a6

  • SHA256

    7e63d9480a707ee49490f753c57959a97b207212a668312dd7302df658452160

  • SHA512

    199d62020dcef9b01cc688a5dda52598f276201bf75291010c2ff7588fd326393023c40faedcf1771180bc5cde51b5801ae4571b4c2a064680e6af2a686b8257

  • SSDEEP

    3072:pE+8OKVuMxgMLQ813qgy0ExYhnMzJkt0lDMKPX:18NcMxdLQ81amJMF7eKv

Score
8/10
bootkitdiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      7e63d9480a707ee49490f753c57959a97b207212a668312dd7302df658452160.dll

    • Size

      128KB

    • MD5

      82b8e2d9302f9ddf403b5a7c608ab4b7

    • SHA1

      b2d7c36479fdec9065b4090159f1c22ce3ae78a6

    • SHA256

      7e63d9480a707ee49490f753c57959a97b207212a668312dd7302df658452160

    • SHA512

      199d62020dcef9b01cc688a5dda52598f276201bf75291010c2ff7588fd326393023c40faedcf1771180bc5cde51b5801ae4571b4c2a064680e6af2a686b8257

    • SSDEEP

      3072:pE+8OKVuMxgMLQ813qgy0ExYhnMzJkt0lDMKPX:18NcMxdLQ81amJMF7eKv

    Score
    8/10
    bootkitdiscoverypersistencespywarestealer

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks