2063099cef11114c1abb3d8b42efbd6efab26ed366100c6cde9b003b3a675141 | Triage

Submit
Reports

Overview

overview

8

Static

static

2063099cef...41.exe

windows7_x64

8

2063099cef...41.exe

windows10-2004_x64

8

Sharing

General

Target

2063099cef11114c1abb3d8b42efbd6efab26ed366100c6cde9b003b3a675141
Size

19KB
Sample

220427-tnk4gsgdap
MD5

66e36e32ca5b1468a95eba9b7bd517f4
SHA1

57fc9be599081d5c73028afd145c860b2997b708
SHA256

2063099cef11114c1abb3d8b42efbd6efab26ed366100c6cde9b003b3a675141
SHA512

2ed231ca107a944b24d97fb661a66127d42870133184b4a95b591bebc078ff4a6d96975633b77da5ac12f18e8d21d17e737235c1c61e69e5d079ada9f40b2a93

Score

8^/10

adware discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

2063099cef11114c1abb3d8b42efbd6efab26ed366100c6cde9b003b3a675141.exe

Resource

win7-20220414-en

adware discovery persistence stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2063099cef11114c1abb3d8b42efbd6efab26ed366100c6cde9b003b3a675141.exe

Resource

win10v2004-20220414-en

adware discovery persistence stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2063099cef11114c1abb3d8b42efbd6efab26ed366100c6cde9b003b3a675141
- Size
  
  19KB
- MD5
  
  66e36e32ca5b1468a95eba9b7bd517f4
- SHA1
  
  57fc9be599081d5c73028afd145c860b2997b708
- SHA256
  
  2063099cef11114c1abb3d8b42efbd6efab26ed366100c6cde9b003b3a675141
- SHA512
  
  2ed231ca107a944b24d97fb661a66127d42870133184b4a95b591bebc078ff4a6d96975633b77da5ac12f18e8d21d17e737235c1c61e69e5d079ada9f40b2a93
Score

8^/10

adware discovery persistence stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer

© 2018-2024

Terms | Privacy