0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318 | Triage

Submit
Reports

Overview

overview

8

Static

static

3ca6df4914...54.exe

windows7_x64

8

3ca6df4914...54.exe

windows10_x64

8

Sharing

General

Target

3ca6df4914385efd4ba9cd239b5ed254.exe
Size

4.5MB
Sample

201205-wygr8zgpvx
MD5

3ca6df4914385efd4ba9cd239b5ed254
SHA1

b66535ff43334177a5a167b9f2b07ade75484eec
SHA256

0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
SHA512

7951ab74ecd2ea26ed7bbcbc8bf34a770854a8fb009f256f93d72c705871b5a31c24153cc77581eec6544085cdbb51a170b2b7ef9f3f9139572b818d75424ca6

Score

8^/10

bootkit macro persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

3ca6df4914385efd4ba9cd239b5ed254.exe

Resource

win7v20201028

bootkit macro persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3ca6df4914385efd4ba9cd239b5ed254.exe

Resource

win10v20201028

bootkit macro persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3ca6df4914385efd4ba9cd239b5ed254.exe
- Size
  
  4.5MB
- MD5
  
  3ca6df4914385efd4ba9cd239b5ed254
- SHA1
  
  b66535ff43334177a5a167b9f2b07ade75484eec
- SHA256
  
  0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
- SHA512
  
  7951ab74ecd2ea26ed7bbcbc8bf34a770854a8fb009f256f93d72c705871b5a31c24153cc77581eec6544085cdbb51a170b2b7ef9f3f9139572b818d75424ca6
Score

8^/10

bootkit macro persistence spyware
- Executes dropped EXE
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- JavaScript code in executable
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitmacropersistencespyware

behavioral2

bootkitmacropersistencespyware

© 2018-2024

Terms | Privacy