Overview

overview

10

Static

static

8

5e62cc31bf...30.exe

windows7_x64

10

5e62cc31bf...30.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e62cc31bf498c18f19b57276b21050b4bfcc77ec72deff4a44eea5318018a30

  • Size

    607KB

  • Sample

    210517-h5el3jtqfe

  • MD5

    966806cb7b0d2ae8b570cc370e3ebe47

  • SHA1

    b0a3eb3b116a60ed67be046c52f2419e257a04b8

  • SHA256

    5e62cc31bf498c18f19b57276b21050b4bfcc77ec72deff4a44eea5318018a30

  • SHA512

    ddb906b23c3181a7d174b25414e89d615ff483a8d6e822eadbe8fd90e31ebbfb14eb2cc15632cab4c58b4d051a13ad3b9c53bbb8ce9aa17c6a77bbdfa5dbfa71

Score
10/10
adwarepersistencestealerupx

Malware Config

Targets

    • Target

      5e62cc31bf498c18f19b57276b21050b4bfcc77ec72deff4a44eea5318018a30

    • Size

      607KB

    • MD5

      966806cb7b0d2ae8b570cc370e3ebe47

    • SHA1

      b0a3eb3b116a60ed67be046c52f2419e257a04b8

    • SHA256

      5e62cc31bf498c18f19b57276b21050b4bfcc77ec72deff4a44eea5318018a30

    • SHA512

      ddb906b23c3181a7d174b25414e89d615ff483a8d6e822eadbe8fd90e31ebbfb14eb2cc15632cab4c58b4d051a13ad3b9c53bbb8ce9aa17c6a77bbdfa5dbfa71

    Score
    10/10
    adwarepersistencestealer

    • Modifies WinLogon for persistence

      persistence

    • Modifies system executable filetype association

      persistence

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Modifies WinLogon

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

2
T1004

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

2
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

6
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks