33dc853be9571e4fddcb07ab14fb1d1364394b8904eff403a04129a0efc49c81

Sharing

Copy URL

Twitter E-mail

General

Target

BoostBotSell.rar
Size

16.4MB
Sample

250214-ctpv7azkgt
MD5

21ef1e69b71dc155a733431adc931d22
SHA1

48969bf6461ddd459a8a80ce853ef430fb39cf23
SHA256

33dc853be9571e4fddcb07ab14fb1d1364394b8904eff403a04129a0efc49c81
SHA512

d57ecf799f6b23d64437a7cbfce007b7c14cda47dda22a5e5ac341bd0bf658d2f5f975462039e59934f1212a45c5846df9db8e2378284121822afb3ea4588135
SSDEEP

393216:kj8ZbX6ERnGrk2Du+ilETd9ieVljRzai27nyMilUxgFa81oU1:kSVcrfy7lid97LJaiAR38H1

Score

8^/10

Malware Config

Targets

- Target
  
  BoostBotSell.rar
- Size
  
  16.4MB
- MD5
  
  21ef1e69b71dc155a733431adc931d22
- SHA1
  
  48969bf6461ddd459a8a80ce853ef430fb39cf23
- SHA256
  
  33dc853be9571e4fddcb07ab14fb1d1364394b8904eff403a04129a0efc49c81
- SHA512
  
  d57ecf799f6b23d64437a7cbfce007b7c14cda47dda22a5e5ac341bd0bf658d2f5f975462039e59934f1212a45c5846df9db8e2378284121822afb3ea4588135
- SSDEEP
  
  393216:kj8ZbX6ERnGrk2Du+ilETd9ieVljRzai27nyMilUxgFa81oU1:kSVcrfy7lid97LJaiAR38H1
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral1 behavioral2
- Target
  
  BoostBotSell/install.bat
- Size
  
  135B
- MD5
  
  cfdd23d467f70c2b97d86a534f745413
- SHA1
  
  fefdbf3124fe53483c305dd14548665014535d99
- SHA256
  
  e710bae129a263ef319ae32ca255f87733a5ad5dd3dd190fa52042f207827296
- SHA512
  
  9655dc7c2123bb1988abd548c2ff3a3b8744ba756c191e82ce36669a506feb5500295a9a4e71be54565fd4bae3e2a908abbf62ecf088ef4ab687bc946f260427
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral3 behavioral4
- Target
  
  BoostBotSell/main.exe
- Size
  
  16.4MB
- MD5
  
  fbcbebbbe48bd23f5e033ba269de7775
- SHA1
  
  f26677336a5cdf9dd0317e0eac1eb96f910aad01
- SHA256
  
  853d2a54bdc7acbd21f2f6b513dc0cd5ccff02b2020546a23ab1b5aaa0e84931
- SHA512
  
  7bc3ed7c4a6a537108d06c65a75ab7fafe729ad78bf15d195619708d83be17b0d8a41273938923c795ecce35a5caa494055c2088d610c035a463a84f50c87d76
- SSDEEP
  
  393216:OhQ1Qtc7CEDmlh2p+ZkJTNsu0/3t4Ugj1W:O8Qa7CEDUQp+Zkk5
Score

8^/10

discovery
- Downloads MZ/PE file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  main.pyc
- Size
  
  16KB
- MD5
  
  cec9bf91a2653768529acd2e126912de
- SHA1
  
  3936ed717181f9996236bb52f5ebd67a1bdccdee
- SHA256
  
  eacf70a1cd705367ec2d63fc0b2adb5956825fb13a8800aae442e691f96c92ea
- SHA512
  
  3a20be069d785f2969023483855ebcd30afadef839a6bcb7c7c8ced908c366b2ea93c569ce52681eec1cb94c3de0f3f136ce231b132328b4acf6ee9ada96e69b
- SSDEEP
  
  192:jL0aKC3o7mFyhG8AuZTYQHdFK518GKPSJQpMd0Zv0BAiHzAvzDHepSE2DIgst:Hzy7xh2uVYqE518GKKJ4LA/A0gI
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral7 behavioral8
- Target
  
  BoostBotSell/pytransform/__init__.py
- Size
  
  13KB
- MD5
  
  58eb86eef7db4dd2a4e2ec8f52bd7521
- SHA1
  
  858e8e7966a3c1756be1df24c81673b2c5e8e288
- SHA256
  
  380c08b75906042d18e73b0d2654eb03043098984caa27ab454548fd93a3aa08
- SHA512
  
  f0938d52fb19df5263302abba8ef9af1a4e0e80a40e7415ff82a5ab3c260eec251eeb890d0ececba7044b7d86c3b67da5b6499dce05ec8ddf591d162d29c6aa0
- SSDEEP
  
  192:sIRqMEqbHCTMRNpyRW3T+3JbgDIFRuJFX9d1X2wiQvZh7kELPJdhGbc8/SHRl3RJ:sFwfIuXFXZNjlh8c
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral10 behavioral9
- Target
  
  BoostBotSell/pytransform/__pycache__/__init__.cpython-39.pyc
- Size
  
  11KB
- MD5
  
  65964c3ddfb3b18381202d1479e675a5
- SHA1
  
  d88d88725592012b6675c08e6ed66c2cc1f7cfcf
- SHA256
  
  c7b2417f6734caa7edd20737bcec3578f2cd676bb5ca1a88000604cf528e8433
- SHA512
  
  4f5b5a594de0cec38fa29687c6c0d1608a32a5ce67376c89222c06d0e7e28f5d1731dc24d3039300082c0039a4e196de34ea996d1f010e7e01f4e715b7112edc
- SSDEEP
  
  192:zQ8jNNSxHry+RJ+mXQWI7Gptxv4yqbSP8HsmL/gHvzrzhzwgK:k8qRD2glRpLv4yq2P8sPzrzo
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral11 behavioral12
- Target
  
  BoostBotSell/pytransform/_pytransform.dll
- Size
  
  1.1MB
- MD5
  
  88e3acb88b6ee62979d833cffe03bc58
- SHA1
  
  090300946506a5a4acb44a9d202eaec58b4de271
- SHA256
  
  3ffb5a714a87f3f790621a8e94b71e614c24a60097d592d8211c2682caa1d1ed
- SHA512
  
  748d4c173678305c79c7c471428cf27ac38408bbb5791e3e33760a533ebb9dbc85d75b6ca3a71a28653621239302c883eef7157cb9f7a05e347bc598a22757d3
- SSDEEP
  
  24576:0IGAamncZzdcZ7fUoPPEMz/0n71enodvQa90:EAamncge7zvP9
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral13 behavioral14
- Target
  
  BoostBotSell/readme.txt
- Size
  
  1KB
- MD5
  
  6f78634bad86ad23046ecc5e7cd1eb98
- SHA1
  
  55a1cb43abc7cfebac88441013719bc68b62da95
- SHA256
  
  ffb1ca7268b86a355ebfd6932a0860cba110f49d4cf4e4d2e157b6cc644954c6
- SHA512
  
  fc87748be08df77560238aa7f4b2093b733fa513e562530977a5e76f8e569557e2e346ee3413d6c7339c356b4d63705a884a5e1056412dd9e80af77c9393217f
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral15 behavioral16
- Target
  
  BoostBotSell/requirements.txt
- Size
  
  50B
- MD5
  
  5bbaf88c492e630baefb70a2c0c1d73f
- SHA1
  
  14d0582ec810e8d28f01a0f13b4a91c3c3e652fa
- SHA256
  
  904df6b144d8aed83fc5972e73b42673f4e983f40f4deb8b58ecb90fbd344f5c
- SHA512
  
  f645f68e3249b345b285eab65a5b353bb1ea4c39c12da294b2043367549bcaddb9be01dc5dd2ff9cf1cceaad07b472d6359fbff65952b90c4f396fff155fbb73
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral17 behavioral18
- Target
  
  BoostBotSell/settings.json
- Size
  
  190B
- MD5
  
  c09fcb7c4fabcaa902c202895fa4eca1
- SHA1
  
  d96f18434012dd612a97263729789a1c0e7cb537
- SHA256
  
  5a3873cd24c0c6a847138ad15289f175e969e2ff405d8c765b67bd93a7f10afc
- SHA512
  
  85e663416be537d5059236839d0ef6bfe2d11f3a4330808108021a16205cf77098ff6c202a6338202d64776a413e29c431cd6a57b74cbde9e140016dedee073d
Score

8^/10

discovery adware persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral19 behavioral20
- Target
  
  BoostBotSell/todobeforestart.txt
- Size
  
  996B
- MD5
  
  64e6136a80dc5f49484bd53b7ad71d0e
- SHA1
  
  d667d6457c844dc0dac82a1d07b9398e415f8a35
- SHA256
  
  ea47be6555d921c3e52d2e47e9b5c204d0afddff6d621057033dd1c6c776507a
- SHA512
  
  cd6ec58b48bb379d23c06e8783f8f4e559984b3dbd519f3f256b7cb60f3fc998066b57c68ec37e18c399ab42d9dbda044d56959a790df7503f426f8939291b03
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral21 behavioral22
- Target
  
  BoostBotSell/used.json
- Size
  
  2B
- MD5
  
  99914b932bd37a50b983c5e7c90ae93b
- SHA1
  
  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
- SHA256
  
  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
- SHA512
  
  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral23 behavioral24