d5ab021d5a9422f9e7c827f775f4dfeb359fd68a05b190ad2f3d6a5f4f36574e | Triage

Submit
Reports

Overview

overview

Static

static

1

SFTPDriveV2.exe

windows10_x64

Sharing

General

Target

SFTPDriveV2.exe
Size

5.1MB
Sample

210605-ynwwxpdbb6
MD5

db66db7b975cedd56a96234798aa7886
SHA1

29eb9ea10b67b57e88ab247b922bf22d5d3017fb
SHA256

d5ab021d5a9422f9e7c827f775f4dfeb359fd68a05b190ad2f3d6a5f4f36574e
SHA512

6b72ab87af0f31788fbb419ef8398b7aeefaa7d78237b5d15f3a814f0f696afd803093d9095cece3b4232e2720b65cc94eff5ac3293da1424d389bae5ecda2b7

Score

10^/10

adware discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

SFTPDriveV2.exe

Resource

win10v20210410

adware discovery persistence stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SFTPDriveV2.exe
- Size
  
  5.1MB
- MD5
  
  db66db7b975cedd56a96234798aa7886
- SHA1
  
  29eb9ea10b67b57e88ab247b922bf22d5d3017fb
- SHA256
  
  d5ab021d5a9422f9e7c827f775f4dfeb359fd68a05b190ad2f3d6a5f4f36574e
- SHA512
  
  6b72ab87af0f31788fbb419ef8398b7aeefaa7d78237b5d15f3a814f0f696afd803093d9095cece3b4232e2720b65cc94eff5ac3293da1424d389bae5ecda2b7
Score

10^/10

adware discovery persistence stealer
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Registers COM server for autorun
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Shared Task Scheduler registry keys
  persistence
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

© 2018-2024

Terms | Privacy