66ef5da13e960e2878af2820f76fc8b258359d1a990d9061f5cf43bf8f8329b0 | Triage

Submit
Reports

Overview

overview

Static

static

safeconnect.exe

windows7_x64

safeconnect.exe

windows10_x64

Sharing

General

Target

safeconnect.exe
Size

721KB
Sample

211216-gmgy8abch2
MD5

3b89d22f1d594573f2957c942f43d730
SHA1

0c6edad332f7fdc73ba4d51a3751d8185230bb27
SHA256

66ef5da13e960e2878af2820f76fc8b258359d1a990d9061f5cf43bf8f8329b0
SHA512

43edbb57b298e83ac610714013e032d5b495485dc888638ee9cbf1ebc3f8a7beffd542cf7b37ecaba336363a7d7abe9cc033c4ca78d6d1ffe5fec6f8272ff0fe

Score

10^/10

adware evasion persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

safeconnect.exe

Resource

win7-en-20211208

adware evasion persistence stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

safeconnect.exe

Resource

win10-en-20211208

adware evasion persistence stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  safeconnect.exe
- Size
  
  721KB
- MD5
  
  3b89d22f1d594573f2957c942f43d730
- SHA1
  
  0c6edad332f7fdc73ba4d51a3751d8185230bb27
- SHA256
  
  66ef5da13e960e2878af2820f76fc8b258359d1a990d9061f5cf43bf8f8329b0
- SHA512
  
  43edbb57b298e83ac610714013e032d5b495485dc888638ee9cbf1ebc3f8a7beffd542cf7b37ecaba336363a7d7abe9cc033c4ca78d6d1ffe5fec6f8272ff0fe
Score

10^/10

adware evasion persistence stealer trojan
- Registers COM server for autorun
  persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwareevasionpersistencestealertrojan

behavioral2

adwareevasionpersistencestealertrojan

© 2018-2024

Terms | Privacy