Overview

overview

10

Static

static

8

c9a9ed2600...d5.exe

windows7_x64

10

c9a9ed2600...d5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c9a9ed260024bc8fafa06f3346c57d4eb315f009674bc8cf703e033b86ce27d5

  • Size

    1.0MB

  • Sample

    210518-3aasvp5786

  • MD5

    d623fd90e78678d98726085df4c9e545

  • SHA1

    de2a16409e2eebef7f96a00b4cd202669a385920

  • SHA256

    c9a9ed260024bc8fafa06f3346c57d4eb315f009674bc8cf703e033b86ce27d5

  • SHA512

    a001182a61e20bf2adb859e9da6b195d55c40501669070897edbeb43e0cb3fd151dfa32ad61ac766f74e2f91b2f79fa0a7ffe3c3d15fc646e2e1388d4b979bef

Score
10/10
adwarepersistencestealerupx

Malware Config

Targets

    • Target

      c9a9ed260024bc8fafa06f3346c57d4eb315f009674bc8cf703e033b86ce27d5

    • Size

      1.0MB

    • MD5

      d623fd90e78678d98726085df4c9e545

    • SHA1

      de2a16409e2eebef7f96a00b4cd202669a385920

    • SHA256

      c9a9ed260024bc8fafa06f3346c57d4eb315f009674bc8cf703e033b86ce27d5

    • SHA512

      a001182a61e20bf2adb859e9da6b195d55c40501669070897edbeb43e0cb3fd151dfa32ad61ac766f74e2f91b2f79fa0a7ffe3c3d15fc646e2e1388d4b979bef

    Score
    10/10
    adwarepersistencestealer

    • Modifies WinLogon for persistence

      persistence

    • Modifies system executable filetype association

      persistence

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Modifies WinLogon

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

2
T1004

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

2
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

6
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks