0d31468dca0717410ff390c54b88f47f672502ecd9189a2b1c1693658a8ab8a1 | Triage

Submit
Reports

Overview

overview

Static

static

Acsc-Joint...rs.msi

windows7_x64

Acsc-Joint...rs.msi

windows10_x64

Sharing

General

Target

Acsc-Joint-Planning-Jpex-Answers.7z
Size

1.6MB
Sample

210926-vjjwasfafp
MD5

00ac4443be6ad0ba8caba81f52c34dff
SHA1

509b54654e838b1346b5fdb50f108ecd10bc8288
SHA256

0d31468dca0717410ff390c54b88f47f672502ecd9189a2b1c1693658a8ab8a1
SHA512

21ef416e959955de8f3abb534c21bac14a00978e8405a656f378453be62f1326efdba9e00aa9c99b36c75a27b93eb99fa2bc9be9ba402125aa8c2a6eb1310cf3

Score

10^/10

adware discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Acsc-Joint-Planning-Jpex-Answers.msi

Resource

win7-en-20210920

adware discovery persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Acsc-Joint-Planning-Jpex-Answers.msi

Resource

win10v20210408

adware discovery persistence stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Acsc-Joint-Planning-Jpex-Answers.msi
- Size
  
  108.5MB
- MD5
  
  82dbf0d2b49de42dc700df7c96b41eb1
- SHA1
  
  509c08fd9805cf2034fec547c0fc962423a96a3b
- SHA256
  
  7ada6e666c34aacaf7c93d11ca2e563ec53da37fb23a181631809d0d5ef14387
- SHA512
  
  3d256fba291eb2f4a81ef53d8db8a333f3fb26a9a2c90e3c28bb0a944dc8bba2a2c8902232b14e6a9debdf93a2ff100faabb2be2053aac7fc2ccbdbd2f98fc83
Score

10^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Registers new Print Monitor
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencestealer

© 2018-2024

Terms | Privacy