a86edf061b514b22ec2a82f098f714e90ef2d666356b1a98b03d68913c10fdba | Triage

Submit
Reports

Overview

overview

Static

static

8806AF5FA3...69.exe

windows7_x64

8806AF5FA3...69.exe

windows10_x64

8

Sharing

General

Target

iobituninstaller.exe
Size

25.5MB
Sample

211020-a5824ahddp
MD5

5e3c8ea508404bc2fc65cff764c692f6
SHA1

2ed603496538b31cb1f5872a73bf0350fb92580d
SHA256

a86edf061b514b22ec2a82f098f714e90ef2d666356b1a98b03d68913c10fdba
SHA512

78565edb83cf9ba27ef937141fead07e7d471be25876fe09f2a14d2d6674509f7115762d59d9df388d7509cf4e369b389f8af63fbd0bb0bd13280f815c745278

Score

10^/10

adware discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

8806AF5FA34A00C0794A648B59C710C269708E61892E14FA897A102CC56ACE69.exe

Resource

win7-en-20210920

adware discovery evasion persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8806AF5FA34A00C0794A648B59C710C269708E61892E14FA897A102CC56ACE69.exe

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8806AF5FA34A00C0794A648B59C710C269708E61892E14FA897A102CC56ACE69
- Size
  
  25.6MB
- MD5
  
  98be153d60aa51f5c8f447f689d74c69
- SHA1
  
  946f62d0ff65e3fba5b3e26dbbb5fcc1f62cb016
- SHA256
  
  8806af5fa34a00c0794a648b59c710c269708e61892e14fa897a102cc56ace69
- SHA512
  
  29f696f7bd27a6832e717b60615169c9846a9a35ace479eabc1c29503c159d3d97302df3ca31e25a436abe0b5eaaf3fa7035deee31bc031bac03bae7da801c32
Score

10^/10

adware discovery evasion persistence spyware stealer trojan
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Stops running service(s)
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Modify Existing Service

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Impair Defenses

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

adwarediscoveryevasionpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy