Overview

overview

10

Static

static

166c3c2fbe...c6.exe

windows7_x64

10

166c3c2fbe...c6.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    166c3c2fbe8392fb4b4ddaf5f192d94cc321c5fc4d65bd698a4d691416e999c6

  • Size

    172KB

  • Sample

    220207-d736eaehck

  • MD5

    8e96a36f11abb8a0d634637bbc67d35e

  • SHA1

    1320a8008d59092b7cf29fbc9656bb985a04e5d7

  • SHA256

    166c3c2fbe8392fb4b4ddaf5f192d94cc321c5fc4d65bd698a4d691416e999c6

  • SHA512

    11c26816157939120900d619069a87c8c6a947d5b17f3a3326a71244e1f405eb761f4d99637dc39d6f664a9f5948c02353b5f527fb3fad10d4f0477ac6dabdf5

Score
10/10
adwareevasionpersistencespywarestealer

Malware Config

Targets

    • Target

      166c3c2fbe8392fb4b4ddaf5f192d94cc321c5fc4d65bd698a4d691416e999c6

    • Size

      172KB

    • MD5

      8e96a36f11abb8a0d634637bbc67d35e

    • SHA1

      1320a8008d59092b7cf29fbc9656bb985a04e5d7

    • SHA256

      166c3c2fbe8392fb4b4ddaf5f192d94cc321c5fc4d65bd698a4d691416e999c6

    • SHA512

      11c26816157939120900d619069a87c8c6a947d5b17f3a3326a71244e1f405eb761f4d99637dc39d6f664a9f5948c02353b5f527fb3fad10d4f0477ac6dabdf5

    Score
    10/10
    adwareevasionpersistencespywarestealer

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Modifies system executable filetype association

      persistence

    • Registers COM server for autorun

      persistence

    • Modifies Installed Components in the registry

      persistence

    • Registers new Print Monitor

      persistence

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

6
T1060

Modify Existing Service

2
T1031

Change Default File Association

1
T1042

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

10
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

4
T1012

System Information Discovery

5
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks