df7ea2b79d7b78c5c3aaf09bbcf5831ad8e7589edec251937bd4d1a96e4b4c4a | Triage

Sharing

General

Target

df7ea2b79d7b78c5c3aaf09bbcf5831ad8e7589edec251937bd4d1a96e4b4c4a
Size

7KB
Sample

220427-vnsn1aabgl
MD5

8d2f9df8ee8a05ca1aa2e22cf93d0fa2
SHA1

ffb88ba222f6a7605542430e6303899215839e89
SHA256

df7ea2b79d7b78c5c3aaf09bbcf5831ad8e7589edec251937bd4d1a96e4b4c4a
SHA512

d1cbbf0b7249fd7323d327afcea43682404c18eeab1b061bc727b50726a3c68f82d90f7de473c56dffebaa41c6a456dbf2d82af22c1c06e3d0ced1cf7c71a8cb

Score

10^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  df7ea2b79d7b78c5c3aaf09bbcf5831ad8e7589edec251937bd4d1a96e4b4c4a
- Size
  
  7KB
- MD5
  
  8d2f9df8ee8a05ca1aa2e22cf93d0fa2
- SHA1
  
  ffb88ba222f6a7605542430e6303899215839e89
- SHA256
  
  df7ea2b79d7b78c5c3aaf09bbcf5831ad8e7589edec251937bd4d1a96e4b4c4a
- SHA512
  
  d1cbbf0b7249fd7323d327afcea43682404c18eeab1b061bc727b50726a3c68f82d90f7de473c56dffebaa41c6a456dbf2d82af22c1c06e3d0ced1cf7c71a8cb
Score

10^/10

adware persistence stealer
- Modifies system executable filetype association
  persistence
- Modifies AppInit DLL entries
  persistence
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Browser Extensions

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer