0ef2da9d929b8760436d0540eaba76042bb65e14be8b5741e0e93d3e8eeb00b4 | Triage

Submit
Reports

Overview

overview

Static

static

sample2.exe

windows7_x64

sample2.exe

windows10-2004_x64

Sharing

General

Target

sample2.exe
Size

9.9MB
Sample

220428-bfwadaage9
MD5

10bbba89a21582f349d38569bc394632
SHA1

2b58b3e657bdf41e0f16337eba2c3771b14ca219
SHA256

0ef2da9d929b8760436d0540eaba76042bb65e14be8b5741e0e93d3e8eeb00b4
SHA512

16a8c82636b08d66f9e744036e34fa8db8bf40a841a2ae45cd1913e407d5dc871f49b9a5b4bfcbb0ea0223b534590158c97a2ad51d5572da33d9431b54c4de5c

Score

10^/10

adware discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

sample2.exe

Resource

win7-20220414-en

adware discovery persistence stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sample2.exe

Resource

win10v2004-20220414-en

adware discovery persistence stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  sample2.exe
- Size
  
  9.9MB
- MD5
  
  10bbba89a21582f349d38569bc394632
- SHA1
  
  2b58b3e657bdf41e0f16337eba2c3771b14ca219
- SHA256
  
  0ef2da9d929b8760436d0540eaba76042bb65e14be8b5741e0e93d3e8eeb00b4
- SHA512
  
  16a8c82636b08d66f9e744036e34fa8db8bf40a841a2ae45cd1913e407d5dc871f49b9a5b4bfcbb0ea0223b534590158c97a2ad51d5572da33d9431b54c4de5c
Score

10^/10

adware discovery persistence stealer
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer

© 2018-2024

Terms | Privacy