Overview

overview

10

Static

static

8

37fc7d6919...3d.exe

windows7_x64

10

37fc7d6919...3d.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37fc7d6919b0996308cc463142b2cc18fe981700df56881d6dcaee9578f94d3d

  • Size

    920KB

  • Sample

    210517-725jvln1q6

  • MD5

    e804137d656f1a51cccb970273d85bee

  • SHA1

    1fb1510d70307748cb100f547b2e6ba64f4697fd

  • SHA256

    37fc7d6919b0996308cc463142b2cc18fe981700df56881d6dcaee9578f94d3d

  • SHA512

    1d6d5105f2ffb3ac6f0adbdda4bdc7807ca52a3cbf39a57f358f8735932904f2dcc69dcbce517ac91657321449431d9d6326c65219ee52fd591130795d9e145b

Score
10/10
adwarepersistencestealerupx

Malware Config

Targets

    • Target

      37fc7d6919b0996308cc463142b2cc18fe981700df56881d6dcaee9578f94d3d

    • Size

      920KB

    • MD5

      e804137d656f1a51cccb970273d85bee

    • SHA1

      1fb1510d70307748cb100f547b2e6ba64f4697fd

    • SHA256

      37fc7d6919b0996308cc463142b2cc18fe981700df56881d6dcaee9578f94d3d

    • SHA512

      1d6d5105f2ffb3ac6f0adbdda4bdc7807ca52a3cbf39a57f358f8735932904f2dcc69dcbce517ac91657321449431d9d6326c65219ee52fd591130795d9e145b

    Score
    10/10
    adwarepersistencestealer

    • Modifies WinLogon for persistence

      persistence

    • Modifies system executable filetype association

      persistence

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Modifies WinLogon

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

2
T1004

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

2
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

6
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks