9d7211ba7753498cefb940e68d58209cd4c8e68bb8b5a5a14cad34cc3dc914b6 | Triage

Submit
Reports

Overview

overview

Static

static

1

ฺฺฺK...ฺฺ

windows10_x64

Sharing

General

Target

fba8817602cb7dae175d9fec0900fbfd3e097aae4d32befaecd87d6e3fdb7412.zip
Size

18.9MB
Sample

201116-kmt2tkww7j
MD5

8727aa4f3fa0a123037d7e592fce5014
SHA1

127aa81a9230282bd045557c94afe14259ac6770
SHA256

9d7211ba7753498cefb940e68d58209cd4c8e68bb8b5a5a14cad34cc3dc914b6
SHA512

85871434e8934bf10705ca2a0c358ce43979f1656db9b0c33bbeb1b42cd637b51a1d55330ecdd665f19afc606dff33b4acfcfafdaae97be7ac70099cd0007c34

Score

10^/10

adware discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fba8817602cb7dae175d9fec0900fbfd3e097aae4d32befaecd87d6e3fdb7412.exe

Resource

win10v20201028

adware discovery persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fba8817602cb7dae175d9fec0900fbfd3e097aae4d32befaecd87d6e3fdb7412
- Size
  
  19.0MB
- MD5
  
  ee71a41a6128096140e5e8785802919b
- SHA1
  
  e0599d38735a4867ae88e0f9362d017acf2a22fa
- SHA256
  
  fba8817602cb7dae175d9fec0900fbfd3e097aae4d32befaecd87d6e3fdb7412
- SHA512
  
  52cf74998a7ca51047a1a19569c7571703e61f9278a45e339b2e9c9ce8b679b8b15b3979a69382d889c6ad04fb8b7ea1b3137742b4037c1a621627065c7fbf7b
Score

10^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- JavaScript code in executable
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy