028ebd70e6092d83150e3eaa5475ee91f1f428d89a57251640d55155d4a91256 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

028ebd70e6...56.exe

windows7_x64

7

028ebd70e6...56.exe

windows10-2004_x64

7

Sharing

General

Target

028ebd70e6092d83150e3eaa5475ee91f1f428d89a57251640d55155d4a91256
Size

632KB
Sample

220528-ehay1acbbm
MD5

4d40b43d9bbe744efc3c2774c85638a8
SHA1

82073db861a7bf494dfe222a8f9c0b12200f91f1
SHA256

028ebd70e6092d83150e3eaa5475ee91f1f428d89a57251640d55155d4a91256
SHA512

b80b60455f23d3c6c14117ec0dec3206f122cab7f33ccdd1d9f8b6476def104e701f9926db9b8150731a9818544da332a84f3e32fd705dffb948b6df75483262

Score

7^/10

adware discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

028ebd70e6092d83150e3eaa5475ee91f1f428d89a57251640d55155d4a91256.exe

Resource

win7-20220414-en

adware discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

028ebd70e6092d83150e3eaa5475ee91f1f428d89a57251640d55155d4a91256.exe

Resource

win10v2004-20220414-en

adware discovery spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  028ebd70e6092d83150e3eaa5475ee91f1f428d89a57251640d55155d4a91256
- Size
  
  632KB
- MD5
  
  4d40b43d9bbe744efc3c2774c85638a8
- SHA1
  
  82073db861a7bf494dfe222a8f9c0b12200f91f1
- SHA256
  
  028ebd70e6092d83150e3eaa5475ee91f1f428d89a57251640d55155d4a91256
- SHA512
  
  b80b60455f23d3c6c14117ec0dec3206f122cab7f33ccdd1d9f8b6476def104e701f9926db9b8150731a9818544da332a84f3e32fd705dffb948b6df75483262
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer

© 2018-2024

Terms | Privacy