9f3f50841b4d33938a0e25f1046596096324d6582d7f783ee10ad7b8ed9c43e2 | Triage

Submit
Reports

Overview

overview

Static

static

9f3f50841b...e2.exe

windows7_x64

8

9f3f50841b...e2.exe

windows10_x64

Sharing

General

Target

9f3f50841b4d33938a0e25f1046596096324d6582d7f783ee10ad7b8ed9c43e2
Size

108KB
Sample

210515-vbsjjzejna
MD5

cf508c5bd71982370a008fb731c0ef2a
SHA1

b77f6c9225fcf6ab8feb4feb4cb9f069d7298efe
SHA256

9f3f50841b4d33938a0e25f1046596096324d6582d7f783ee10ad7b8ed9c43e2
SHA512

1542e8c2ed74e9f8f7a133bec7bd3b98a8927513693b56c3516bf129469e8a11573f7d302bbb134b1aa6ca96ca2cb2b8308a38ed308af326279bffece9837811

Score

10^/10

adware evasion persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

9f3f50841b4d33938a0e25f1046596096324d6582d7f783ee10ad7b8ed9c43e2.exe

Resource

win7v20210410

evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9f3f50841b4d33938a0e25f1046596096324d6582d7f783ee10ad7b8ed9c43e2.exe

Resource

win10v20210410

adware evasion persistence stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9f3f50841b4d33938a0e25f1046596096324d6582d7f783ee10ad7b8ed9c43e2
- Size
  
  108KB
- MD5
  
  cf508c5bd71982370a008fb731c0ef2a
- SHA1
  
  b77f6c9225fcf6ab8feb4feb4cb9f069d7298efe
- SHA256
  
  9f3f50841b4d33938a0e25f1046596096324d6582d7f783ee10ad7b8ed9c43e2
- SHA512
  
  1542e8c2ed74e9f8f7a133bec7bd3b98a8927513693b56c3516bf129469e8a11573f7d302bbb134b1aa6ca96ca2cb2b8308a38ed308af326279bffece9837811
Score

10^/10

evasion persistence adware stealer
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

adwareevasionpersistencestealer

© 2018-2024

Terms | Privacy