c6a66948ef92ee193874e5682143b5845728bf06479d2ebcac4761d51f081ce3 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

c6a66948ef...e3.exe

windows7_x64

8

c6a66948ef...e3.exe

windows10_x64

9

Sharing

General

Target

c6a66948ef92ee193874e5682143b5845728bf06479d2ebcac4761d51f081ce3
Size

100KB
Sample

210515-xxbkqvr22e
MD5

c33770fdada907031d790c43aae7ecea
SHA1

133e1bc3cafd8a87f18ba2ad9ff8b6e41af0c798
SHA256

c6a66948ef92ee193874e5682143b5845728bf06479d2ebcac4761d51f081ce3
SHA512

790c35b264c63816c82e71f392eeb85a973706c2616962785388abb6b46ab35a7782fac32d800801ff5244988eadd7ca1d130f3f281f8e1d776f7b8ad32ffec8

Score

9^/10

adware evasion persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

c6a66948ef92ee193874e5682143b5845728bf06479d2ebcac4761d51f081ce3.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c6a66948ef92ee193874e5682143b5845728bf06479d2ebcac4761d51f081ce3.exe

Resource

win10v20210410

adware evasion persistence stealer upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c6a66948ef92ee193874e5682143b5845728bf06479d2ebcac4761d51f081ce3
- Size
  
  100KB
- MD5
  
  c33770fdada907031d790c43aae7ecea
- SHA1
  
  133e1bc3cafd8a87f18ba2ad9ff8b6e41af0c798
- SHA256
  
  c6a66948ef92ee193874e5682143b5845728bf06479d2ebcac4761d51f081ce3
- SHA512
  
  790c35b264c63816c82e71f392eeb85a973706c2616962785388abb6b46ab35a7782fac32d800801ff5244988eadd7ca1d130f3f281f8e1d776f7b8ad32ffec8
Score

9^/10

persistence adware evasion stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

adwareevasionpersistencestealerupx

© 2018-2024

Terms | Privacy