General

  • Target

    boost tool_latest_version.zip

  • Size

    11.5MB

  • Sample

    250109-xw995axrhy

  • MD5

    c7405d28f5c740d20390846aa45c3a5d

  • SHA1

    fe1c43fa7b96c4913eba32246f32db3ac9eae533

  • SHA256

    55d32ca2da11d82e48e8a76a71cf3a09d9b2b953c27b1f75b560f1724f90f6d6

  • SHA512

    4e1e2231e5af1d4e9ae537aabc109fb538df7247c971f1f46589d93fa60bd12ceb0b707f0c4c94efbd305ff74d9bfc342ef3242a011a992609ef0429102e7d74

  • SSDEEP

    196608:qSi0sbGCcAnB+rj+6YND5IIR7k5LCk2c2YysLGKMmY2HfMuHtNdVSRoDn/BLa:qSidbnQru2IRwVtysL+mY2/dHtNdsKZm

Malware Config

Targets

    • Target

      boost tool_latest_version/boot tool.exe

    • Size

      11.6MB

    • MD5

      29a04844117792baa204b2f77106ed5d

    • SHA1

      d858fd7e342d5c60aa85eb445e7d13e97ab6723e

    • SHA256

      25d2a46bc4886e98fe0beae4814518d2c0b7bb1d5f3952302f79795a2b5c1ba1

    • SHA512

      d7be2debcda166e5e9e33b237bafb9649077f52d28997ce13b8959128bafcfb0f7ee92877aac4e0f35cdf354585a5a302833ccaf7aa3f6d93478e4918543d007

    • SSDEEP

      196608:SCYShEiU5vi5HuUYBDfWgtlA5RsO5ne0COshoKMuIkhVastRL5Di3uV1DVF:zYSyC5cSgtS7OOshouIkPftRL54u3F

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that later payloads are not scanned.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Target

      IuA��3.pyc

    • Size

      1KB

    • MD5

      55a09cfad00e668c3196bb6f41e20ee1

    • SHA1

      48fd539add20e46802724552eeec999454995474

    • SHA256

      96307b0b760664200aa02e1fccbb918dccb985762b6a0f784ab773f6eaf0ec65

    • SHA512

      95e732d9ff1543b00ae8c0fddd78fa869c0b794be3afc0015f9823e7d675a351910dc78892fadc967baea7801839cfda47deab67d463fde6c95fdd5319d23156

    Score
    1/10
    • Target

      boost tool_latest_version/settings.json

    • Size

      721B

    • MD5

      eef8e8fb0a959106dc6016e13f1f21b6

    • SHA1

      f4451852e4d179d582b886bf1d94c8e9c94a010e

    • SHA256

      d3f0e9547372a34b8a8ebc89d56416ce893d675fdc9232f7eec0b6accaea0ad6

    • SHA512

      df68d615dcfff10cf0c1f732df098b8982479cc6cd39589c780e9d80dd94e60894141f0f607072548e6f2d32b88390db6986f3416c66cd272e4ed3ac5c8c3ef1

    Score
    3/10
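
The Defender-exclusion behaviour flagged for boot tool.exe above is the one entry in this list that is cheap to turn into a check. The Python below is an added example, not part of this report or of the sandbox's own detection logic: it scans captured PowerShell text (ScriptBlockText from Microsoft-Windows-PowerShell/Operational event 4104, or a process command line from Security 4688 / Sysmon event 1) for Add-MpPreference / Set-MpPreference calls that set ExclusionPath, ExclusionExtension or ExclusionProcess, and decodes -EncodedCommand payloads first, since command lines often hide the cmdlet that way. Cmdlet and parameter names are Microsoft's documented ones; the sample log text is constructed for illustration and reuses this sample's "boot tool.exe" filename.

```python
import base64
import re
from typing import List, Tuple

# Added example for this report, not the sandbox's own logic: flag PowerShell that
# adds Windows Defender exclusions, the behaviour listed above for "boot tool.exe".
# Input is any captured PowerShell text: ScriptBlockText from event 4104, or a
# process command line (Security 4688 / Sysmon event 1) where the cmdlet is often
# hidden behind -enc. The sample text at the bottom is constructed for illustration.

Finding = Tuple[str, str, str]  # (cmdlet, parameter, excluded value)

_CMDLETS = {"add-mppreference": "Add-MpPreference", "set-mppreference": "Set-MpPreference"}
_PARAMS = {"exclusionpath": "ExclusionPath", "exclusionextension": "ExclusionExtension",
           "exclusionprocess": "ExclusionProcess"}
_CMDLET_RE = re.compile(r"\b(Add-MpPreference|Set-MpPreference)\b", re.IGNORECASE)
# Parameter plus its argument: double-quoted, single-quoted, or a bare token that
# may be a comma-separated list (-ExclusionExtension .exe,.dll).
_PARAM_RE = re.compile(r"-(ExclusionPath|ExclusionExtension|ExclusionProcess)\b\s+"
                       r"(\"[^\"]*\"|'[^']*'|[^\s;]+)", re.IGNORECASE)
# Spellings powershell.exe accepts for -EncodedCommand; the payload is base64 of UTF-16LE.
_ENCODED_RE = re.compile(r"-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def expand_encoded_commands(text: str) -> str:
    """Append the decoded body of every -EncodedCommand argument; blobs that are
    not valid base64/UTF-16LE are skipped instead of failing the whole scan."""
    parts = [text]
    for match in _ENCODED_RE.finditer(text):
        try:
            parts.append(base64.b64decode(match.group(1), validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue
    return "\n".join(parts)


def find_exclusion_tampering(text: str) -> List[Finding]:
    """One finding per excluded path/extension/process, evaluated statement by statement."""
    findings: List[Finding] = []
    for line in expand_encoded_commands(text).splitlines():
        for statement in line.split(";"):
            cmdlet = _CMDLET_RE.search(statement)
            if not cmdlet:
                continue
            # Only arguments after the cmdlet name, within this statement, count.
            for param, raw in _PARAM_RE.findall(statement[cmdlet.end():]):
                for value in raw.strip("'\"").split(","):
                    if value.strip():
                        findings.append((_CMDLETS[cmdlet.group(1).lower()],
                                         _PARAMS[param.lower()], value.strip()))
    return findings


def encode_for_powershell(command: str) -> str:
    """Produce what -EncodedCommand expects (used here only to build the sample)."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


# Constructed sample log text; not output from this report's sandbox run.
SAMPLE_LOG_TEXT = "\n".join([
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public" -ExclusionExtension .exe,.dll',
    "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath",  # benign: read-only
    "Start-Sleep 1; Set-MpPreference -ExclusionProcess 'boot tool.exe'",
    "powershell.exe -nop -w hidden -enc "
    + encode_for_powershell("Add-MpPreference -ExclusionProcess 'boot tool.exe'"),
])

if __name__ == "__main__":
    for finding in find_exclusion_tampering(SAMPLE_LOG_TEXT):
        print(*finding, sep="\t")
```

Defender also records each successful preference change as Microsoft-Windows-Windows Defender/Operational event 5007, which is the place to confirm that a flagged command actually took effect.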

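The "UPX packed file" entry above names both stock and modified UPX, which is the caveat a packer rule has to live with. The Python below is an added example, not the sandbox's own rule: it parses the PE section table and reports the indicators such a rule keys on. Stock UPX names its sections UPX0/UPX1 and leaves a "UPX!" magic in the file; modified builds rename or strip both, so the fallback is the layout UPX cannot hide: a first section with VirtualSize but no raw bytes (the in-memory unpack target) next to a section of near-8-bit entropy. The header walk follows the PE/COFF layout (e_lfanew at 0x3C, 20-byte COFF header, 40-byte section headers); the three PE images it runs on are constructed in-code and are not the files from this report.

```python
import hashlib
import math
import struct
from collections import Counter
from typing import Dict, List, Tuple

# Added example for this report, not the sandbox's own rule: the indicators behind a
# "UPX packed file" verdict, with the layout heuristic that still fires when a
# "modified UPX" build has renamed its sections and removed the "UPX!" magic.

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(pe: bytes) -> List[Dict[str, object]]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (size_of_optional,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + size_of_optional
    sections: List[Dict[str, object]] = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER.size
        if off + SECTION_HEADER.size > len(pe):
            raise ValueError("section table runs past end of file")
        name, vsize, _va, raw_size, raw_ptr, *_ = SECTION_HEADER.unpack_from(pe, off)
        sections.append({"name": name.split(b"\0", 1)[0].decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size, "raw_ptr": raw_ptr})
    return sections


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def upx_indicators(pe: bytes) -> Dict[str, object]:
    sections = parse_sections(pe)
    names = [s["name"] for s in sections]
    first = sections[0] if sections else {"raw_size": 1, "virtual_size": 0}
    densest = max((shannon_entropy(pe[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]])
                   for s in sections if s["raw_size"]), default=0.0)
    return {
        "section_names": names,
        "upx_names": bool(UPX_SECTION_NAMES & set(names)),
        "upx_marker": b"UPX!" in pe,  # often patched out of "modified UPX" builds
        "unpack_target_layout": first["raw_size"] == 0 and first["virtual_size"] > 0,
        "max_section_entropy": round(densest, 2),
    }


def looks_upx_packed(pe: bytes) -> bool:
    """Either strong indicator alone, or the layout heuristic backed by entropy."""
    ind = upx_indicators(pe)
    return bool(ind["upx_names"] or ind["upx_marker"]
                or (ind["unpack_target_layout"] and ind["max_section_entropy"] > 7.0))


def build_pe(sections: List[Tuple[bytes, int, bytes]], trailer: bytes = b"") -> bytes:
    """Constructed PE32 skeleton for the samples below: (name, VirtualSize, raw bytes)
    per section; `trailer` lands after the section table, where UPX writes its version
    string and magic. Enough header for the parser, not a loadable image."""
    e_lfanew, size_of_optional = 0x80, 0xE0
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_of_optional, 0x0102)
    optional = struct.pack("<H", 0x10B).ljust(size_of_optional, b"\0")
    table_end = e_lfanew + 4 + 20 + size_of_optional + SECTION_HEADER.size * len(sections)
    raw_base = -(-(table_end + len(trailer)) // 0x200) * 0x200  # round up to FileAlignment
    table, blobs, va = b"", b"", 0x1000
    for name, vsize, raw in sections:
        raw_ptr = raw_base + len(blobs) if raw else 0
        table += SECTION_HEADER.pack(name.ljust(8, b"\0"), vsize, va, len(raw), raw_ptr,
                                     0, 0, 0, 0, 0xE0000040)
        blobs += raw
        va += -(-max(vsize, len(raw), 1) // 0x1000) * 0x1000
    return (dos + b"PE\0\0" + coff + optional + table + trailer).ljust(raw_base, b"\0") + blobs


# Deterministic stand-ins: SHA-256 output for incompressible packed code, a NOP sled
# ending in RETs for plain code. All three images are constructed, not this report's files.
HIGH_ENTROPY_BLOB = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
LOW_ENTROPY_CODE = b"\x90" * 1536 + b"\xC3" * 512
SAMPLE_UPX = build_pe([(b"UPX0", 0x20000, b""), (b"UPX1", 0x1000, HIGH_ENTROPY_BLOB),
                       (b".rsrc", 0x200, b"\0" * 0x200)], trailer=b"3.96\0UPX!")
SAMPLE_RENAMED_UPX = build_pe([(b".text", 0x20000, b""), (b".data", 0x1000, HIGH_ENTROPY_BLOB),
                               (b".rsrc", 0x200, b"\0" * 0x200)])
SAMPLE_PLAIN = build_pe([(b".text", 0x800, LOW_ENTROPY_CODE), (b".data", 0x100, b"\0" * 0x100)])
```

Run against a real sample with `looks_upx_packed(open(path, "rb").read())`; the indicator dict is more useful than the boolean when triaging, because a renamed-section hit with no "UPX!" marker is exactly the "modified UPX" case the report's rule name warns about.
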
MITRE ATT&CK Enterprise v15

Tasks