General
Target: boost tool_latest_version.zip
Size: 11.5MB
Sample: 250109-xw995axrhy
MD5: c7405d28f5c740d20390846aa45c3a5d
SHA1: fe1c43fa7b96c4913eba32246f32db3ac9eae533
SHA256: 55d32ca2da11d82e48e8a76a71cf3a09d9b2b953c27b1f75b560f1724f90f6d6
SHA512: 4e1e2231e5af1d4e9ae537aabc109fb538df7247c971f1f46589d93fa60bd12ceb0b707f0c4c94efbd305ff74d9bfc342ef3242a011a992609ef0429102e7d74
SSDEEP: 196608:qSi0sbGCcAnB+rj+6YND5IIR7k5LCk2c2YysLGKMmY2HfMuHtNdVSRoDn/BLa:qSidbnQru2IRwVtysL+mY2/dHtNdsKZm
Behavioral task: behavioral1
Sample: boost tool_latest_version/boot tool.exe
Resource: win10v2004-20241007-en
Behavioral task: behavioral2
Sample: IuA��3.pyc
Resource: win10v2004-20241007-en
Behavioral task: behavioral3
Sample: boost tool_latest_version/settings.json
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: boost tool_latest_version/boot tool.exe
Size: 11.6MB
MD5: 29a04844117792baa204b2f77106ed5d
SHA1: d858fd7e342d5c60aa85eb445e7d13e97ab6723e
SHA256: 25d2a46bc4886e98fe0beae4814518d2c0b7bb1d5f3952302f79795a2b5c1ba1
SHA512: d7be2debcda166e5e9e33b237bafb9649077f52d28997ce13b8959128bafcfb0f7ee92877aac4e0f35cdf354585a5a302833ccaf7aa3f6d93478e4918543d007
SSDEEP: 196608:SCYShEiU5vi5HuUYBDfWgtlA5RsO5ne0COshoKMuIkhVastRL5Di3uV1DVF:zYSyC5cSgtS7OOshouIkPftRL54u3F
Signatures
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
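The three command-line behaviours the report attributes to boot tool.exe (PowerShell adding Defender exclusions, tasklist enumeration, and an external-IP lookup via a web service) are the kind of thing an analyst turns into process-creation detections. The following is an added example written for this page; it is not code from the sandbox, from the report, or from the sample. The telemetry it scans is constructed for illustration, the host list for IP-lookup services is an illustrative assumption, and the rule names are made up here. It also handles one edge case the signature text does not mention: the same Defender cmdlet hidden behind PowerShell's -EncodedCommand (base64 of UTF-16LE), which a plain substring match on the command line would miss.

```python
"""Added example, not from the report: flag Defender-exclusion tampering,
tasklist enumeration and external-IP lookups in process-creation telemetry."""
import base64
import re
from dataclasses import dataclass

# Constructed sample events (parent image, image, command line). Illustrative only;
# these are not events captured in the sandbox run.
SAMPLE_EVENTS = [
    ("boot tool.exe", "powershell.exe",
     "powershell.exe -NoProfile -WindowStyle Hidden -Command "
     "\"Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
     "-ExclusionExtension '.exe','.pyd' -ExclusionProcess 'boot tool.exe'\""),
    ("boot tool.exe", "powershell.exe",
     "powershell.exe -enc " + base64.b64encode(
         'Set-MpPreference -ExclusionPath "C:\\ProgramData"'.encode("utf-16le")).decode()),
    ("boot tool.exe", "cmd.exe", "cmd.exe /c tasklist /v"),
    ("boot tool.exe", "curl.exe", "curl.exe -s https://api.ipify.org?format=json"),
    ("explorer.exe", "powershell.exe", "powershell.exe -Command Get-MpPreference"),  # read-only, benign
]

# Assumed (illustrative) list of legitimate IP-lookup services; extend from your own proxy/DNS data.
IP_LOOKUP_HOSTS = ("api.ipify.org", "ifconfig.me", "icanhazip.com",
                   "ip-api.com", "ipinfo.io", "checkip.amazonaws.com")

# PowerShell accepts any unambiguous prefix of -EncodedCommand; the payload is base64(UTF-16LE).
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
MP_CMDLET = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b")
# -ExclusionPath/-ExclusionExtension/-ExclusionProcess followed by one or more
# comma-separated values, each optionally single- or double-quoted.
EXCLUSION_PARAM = re.compile(
    r"""(?i)-Exclusion(Path|Extension|Process)\s+"""
    r"""((?:'[^']*'|"[^"]*"|[^\s'",]+)(?:\s*,\s*(?:'[^']*'|"[^"]*"|[^\s'",]+))*)"""
)


@dataclass(frozen=True)
class Finding:
    rule: str
    parent: str
    image: str
    detail: str


def decode_encoded_command(cmdline: str) -> str:
    """Return cmdline with any -EncodedCommand payload replaced by its decoded text."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # not valid base64/UTF-16LE: leave the line untouched
    return cmdline[:m.start(1)] + decoded + cmdline[m.end(1):]


def split_values(raw: str) -> list[str]:
    """Split a PowerShell comma-separated argument list and drop surrounding quotes."""
    return [v.strip().strip("'\"") for v in raw.split(",") if v.strip()]


def extract_exclusions(cmdline: str) -> dict[str, list[str]]:
    """Map exclusion kind (path/extension/process) to the values passed on the command line."""
    found: dict[str, list[str]] = {}
    for kind, raw in EXCLUSION_PARAM.findall(cmdline):
        found.setdefault(kind.lower(), []).extend(split_values(raw))
    return found


def scan(events) -> list[Finding]:
    """Apply the three rules to (parent, image, cmdline) tuples, in event order."""
    findings: list[Finding] = []
    for parent, image, cmdline in events:
        cmd = decode_encoded_command(cmdline)  # look through -EncodedCommand obfuscation
        lower = cmd.lower()
        if image.lower() in ("powershell.exe", "pwsh.exe") and MP_CMDLET.search(cmd):
            exclusions = extract_exclusions(cmd)
            if exclusions:  # Add-/Set-MpPreference without exclusion params is not this rule
                detail = "; ".join(f"{k}={v}" for k, v in sorted(exclusions.items()))
                findings.append(Finding("defender_exclusion_added", parent, image, detail))
        if "tasklist" in lower:
            findings.append(Finding("process_enumeration_tasklist", parent, image, cmd))
        host = next((h for h in IP_LOOKUP_HOSTS if h in lower), None)
        if host:
            findings.append(Finding("external_ip_lookup", parent, image, host))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule:30} parent={f.parent!r:18} image={f.image!r:18} {f.detail}")
```

Two notes on tuning these rules: Add-MpPreference and Set-MpPreference need an elevated context to succeed, so pairing the finding with the parent process and its integrity level separates a real tampering attempt from a failed one; and the IP-lookup hosts are legitimate services that browsers and admin scripts also contact, so that rule is only useful with the parent image attached, as above, rather than on its own.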
Target: IuA��3.pyc
Size: 1KB
MD5: 55a09cfad00e668c3196bb6f41e20ee1
SHA1: 48fd539add20e46802724552eeec999454995474
SHA256: 96307b0b760664200aa02e1fccbb918dccb985762b6a0f784ab773f6eaf0ec65
SHA512: 95e732d9ff1543b00ae8c0fddd78fa869c0b794be3afc0015f9823e7d675a351910dc78892fadc967baea7801839cfda47deab67d463fde6c95fdd5319d23156
Score: 1/10
Target: boost tool_latest_version/settings.json
Size: 721B
MD5: eef8e8fb0a959106dc6016e13f1f21b6
SHA1: f4451852e4d179d582b886bf1d94c8e9c94a010e
SHA256: d3f0e9547372a34b8a8ebc89d56416ce893d675fdc9232f7eec0b6accaea0ad6
SHA512: df68d615dcfff10cf0c1f732df098b8982479cc6cd39589c780e9d80dd94e60894141f0f607072548e6f2d32b88390db6986f3416c66cd272e4ed3ac5c8c3ef1
Score: 3/10
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (3)
    Credentials In Files (3)