bf906145e00839621e5632c8432022dd23762de55cccfa3fcbe644f936fd7604 | Triage

Submit
Reports

Overview

overview

Static

static

downloadEdge.aspx.exe

windows7_x64

downloadEdge.aspx.exe

windows10_x64

Sharing

General

Target

downloadEdge.aspx.zip
Size

1.6MB
Sample

201105-j3b6gnnjw6
MD5

108b81767ecfbf87da91a60faebdb2ee
SHA1

8c311737e9c90be6946d1e35f79c40bc7050bbde
SHA256

bf906145e00839621e5632c8432022dd23762de55cccfa3fcbe644f936fd7604
SHA512

1d5bec5c0a583e3dfdca6c5b021ed05b57dbefd80ffb65eeca58df5e9fcaefa7ff5677c1236c491c19628d61218573ff219f8a5f88b9474b424bf575c00b5781

Score

10^/10

adware discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

downloadEdge.aspx.exe

Resource

win7v20201028

adware discovery evasion persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

downloadEdge.aspx.exe

Resource

win10v20201028

discovery evasion persistence spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  downloadEdge.aspx
- Size
  
  1.7MB
- MD5
  
  dfa73ca917f98543a9bb7b9c4fc7ce7b
- SHA1
  
  f1f09c8ae9fde06adf89b4e81122f2a3c7932e04
- SHA256
  
  90079d77ca8d7f487bc0a2bbcbafbe37aa89232925638ef866823887aca69c42
- SHA512
  
  e5c50a14d5752db87b470f7854f6722922e3337706a2281e1068dfec3a0b1db72cad5de4704c203e173a9cd7db761fce4412243756ebcdd3567c3f99a6270b3c
Score

10^/10

adware discovery evasion persistence spyware stealer trojan
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- JavaScript code in executable
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoveryevasionpersistencespywarestealertrojan

behavioral2

discoveryevasionpersistencespywaretrojan

© 2018-2024

Terms | Privacy