8e4ec19445eb1409c602b0956c196f4943189bfd2a4dc230d7cf31c3be4ae277 | Triage

Submit
Reports

Overview

overview

Static

static

72A4F42E3A...2B.exe

windows7_x64

72A4F42E3A...2B.exe

windows10_x64

Sharing

General

Target

IObit Uninstaller Pro.exe
Size

5.3MB
Sample

211107-gnwtrsheh3
MD5

179eb02431d74ac80da5689254fa1f0b
SHA1

64b289011e17ba3f7de8850fafe7eae787eb1dd7
SHA256

8e4ec19445eb1409c602b0956c196f4943189bfd2a4dc230d7cf31c3be4ae277
SHA512

155fc255256978ab3e51db60ed0b84f5b8e2aa554565017a096247708643f5f3e342dcf08efdb836447961c83bf522b6b7c96290831caa505e1a5f04dd8eabf5

Score

10^/10

adware discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

72A4F42E3A2ABA89A433727FB5E9E26B163F3BC7872A1FFC1B21D73244EBF42B.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

72A4F42E3A2ABA89A433727FB5E9E26B163F3BC7872A1FFC1B21D73244EBF42B.exe

Resource

win10-en-20211104

adware discovery persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.iobit.com/downloadcenter.php?product=nl-advanced-uninstaller

Targets

- Target
  
  72A4F42E3A2ABA89A433727FB5E9E26B163F3BC7872A1FFC1B21D73244EBF42B
- Size
  
  5.4MB
- MD5
  
  b4b62cc70409c96442250f701259df0e
- SHA1
  
  573cc145d8c3e9e63a2d033fd7082e147088ceb6
- SHA256
  
  72a4f42e3a2aba89a433727fb5e9e26b163f3bc7872a1ffc1b21d73244ebf42b
- SHA512
  
  6b99b5ba389dc8bd7df0722a3392def93f29e5854fd695f72d99d1525da531b6990f375f0d4099789a576b1c43e70cf68b5fb6e1940505bbf557377e92bb1aa6
Score

10^/10

discovery adware persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy