03c35fcb1d10cf478c0b9896699937e6e262daa4f4a4353a7cc56b238fe86892 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

spsetup133.exe

windows7-x64

6

spsetup133.exe

windows10-2004-x64

7

Sharing

General

Target

spsetup133.exe
Size

18.0MB
Sample

241206-ypyhesvjdt
MD5

b86b975448d0b27727ac9c849318cbf2
SHA1

938c2d249c9bf7978b4828b9028b95b122ceefc3
SHA256

03c35fcb1d10cf478c0b9896699937e6e262daa4f4a4353a7cc56b238fe86892
SHA512

3c82955edde3f45fb45875223253351fe1938f58a307a4f7bc85a3971a5a92cddecd3d2bef31ccc60e233eb8a532ed4ab0f1708384cc4db91c02255e832a698d
SSDEEP

393216:vAfGg4AOfBzN0sIPREFXSIqGiAINgIF/x5kfSY1PfMhKokebZyjzJ:vAfGg4A+NN0xWoI2g+S6GPfMwovM

Score

7^/10

bootkit discovery evasion lateral_movement persistence phishing spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

spsetup133.exe

Resource

win7-20240708-en

bootkit discovery evasion lateral_movement persistence spyware stealer trojan

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

spsetup133.exe

Resource

win10v2004-20241007-en

bootkit discovery evasion lateral_movement persistence phishing spyware stealer trojan

windows10-2004-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  spsetup133.exe
- Size
  
  18.0MB
- MD5
  
  b86b975448d0b27727ac9c849318cbf2
- SHA1
  
  938c2d249c9bf7978b4828b9028b95b122ceefc3
- SHA256
  
  03c35fcb1d10cf478c0b9896699937e6e262daa4f4a4353a7cc56b238fe86892
- SHA512
  
  3c82955edde3f45fb45875223253351fe1938f58a307a4f7bc85a3971a5a92cddecd3d2bef31ccc60e233eb8a532ed4ab0f1708384cc4db91c02255e832a698d
- SSDEEP
  
  393216:vAfGg4AOfBzN0sIPREFXSIqGiAINgIF/x5kfSY1PfMhKokebZyjzJ:vAfGg4A+NN0xWoI2g+S6GPfMwovM
Score

7^/10

bootkit discovery evasion lateral_movement persistence spyware stealer trojan phishing
- A potential corporate email address has been identified in the URL: 67C716D751E567F70A490D4C@AdobeOrg
  phishing
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
  lateral_movement
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Remote Services

SMB/Windows Admin Shares

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionlateral_movementpersistencespywarestealertrojan

behavioral2

bootkitdiscoveryevasionlateral_movementpersistencephishingspywarestealertrojan

© 2018-2025

Terms | Privacy