33e07c74828fbbae628aeb455f033918a570cdaf08090d5de99812ff03a230b3 | Triage

Submit
Reports

Overview

overview

Static

static

GesNot.Cli...64.exe

windows7_x64

GesNot.Cli...64.exe

windows10_x64

Resubmissions

24-01-2022 22:06

220124-11d92abbbr 10

24-01-2022 22:01

220124-1xkyeabafq 8

Sharing

General

Target

GesNot.Cliente-x64.exe
Size

117.6MB
Sample

220124-11d92abbbr
MD5

f4994ee65467f3f2a609cb8ce76d5af1
SHA1

24f354af217c20f8987b56d3b4efaeede0d85416
SHA256

33e07c74828fbbae628aeb455f033918a570cdaf08090d5de99812ff03a230b3
SHA512

80df4b2be2dcb532edc0b50931f3f92e3e07f29aa39263e338f7a58dea7ddbf8879b48698bb0cb2959a577835020a03a72ef1e5b4f504dcb8895fbd1299761e7

Score

10^/10

adware persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

GesNot.Cliente-x64.exe

Resource

win7-es-20211208

adware persistence stealer upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

GesNot.Cliente-x64.exe

Resource

win10-es-20211208

adware persistence stealer upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  GesNot.Cliente-x64.exe
- Size
  
  117.6MB
- MD5
  
  f4994ee65467f3f2a609cb8ce76d5af1
- SHA1
  
  24f354af217c20f8987b56d3b4efaeede0d85416
- SHA256
  
  33e07c74828fbbae628aeb455f033918a570cdaf08090d5de99812ff03a230b3
- SHA512
  
  80df4b2be2dcb532edc0b50931f3f92e3e07f29aa39263e338f7a58dea7ddbf8879b48698bb0cb2959a577835020a03a72ef1e5b4f504dcb8895fbd1299761e7
Score

10^/10

adware persistence stealer upx
- Registers COM server for autorun
  persistence
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2024

Terms | Privacy