54666e50470d3534b4aa9ed84ba713ef94e34e53b9b4f3284a360555b9885c37 | Triage

Submit
Reports

Overview

overview

9

Static

static

8

54666e5047...37.exe

windows7_x64

9

54666e5047...37.exe

windows10-2004_x64

9

Sharing

General

Target

54666e50470d3534b4aa9ed84ba713ef94e34e53b9b4f3284a360555b9885c37
Size

32KB
Sample

220427-sv57kaehhj
MD5

c65293b9df5f00d39b5220157bcf416b
SHA1

8cb97a739d4b8d5d929990b24c86c1071b608778
SHA256

54666e50470d3534b4aa9ed84ba713ef94e34e53b9b4f3284a360555b9885c37
SHA512

1267ac2bc2f5f3bd5ca3611f1f077df3e6f1bfd179ab18bfeb874e37a1ec5667d92219d250b06374fa10ef574de1b0c3a5811a2fc9cb5845ceaa0356a8552b4c

Score

9^/10

adware discovery persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

54666e50470d3534b4aa9ed84ba713ef94e34e53b9b4f3284a360555b9885c37.exe

Resource

win7-20220414-en

adware discovery persistence stealer upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

54666e50470d3534b4aa9ed84ba713ef94e34e53b9b4f3284a360555b9885c37.exe

Resource

win10v2004-20220414-en

adware discovery persistence stealer upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  54666e50470d3534b4aa9ed84ba713ef94e34e53b9b4f3284a360555b9885c37
- Size
  
  32KB
- MD5
  
  c65293b9df5f00d39b5220157bcf416b
- SHA1
  
  8cb97a739d4b8d5d929990b24c86c1071b608778
- SHA256
  
  54666e50470d3534b4aa9ed84ba713ef94e34e53b9b4f3284a360555b9885c37
- SHA512
  
  1267ac2bc2f5f3bd5ca3611f1f077df3e6f1bfd179ab18bfeb874e37a1ec5667d92219d250b06374fa10ef574de1b0c3a5811a2fc9cb5845ceaa0356a8552b4c
Score

9^/10

adware discovery persistence stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealerupx

behavioral2

adwarediscoverypersistencestealerupx

© 2018-2024

Terms | Privacy