60b49fbfc3d98134fd35d9bfe45db96985947fdfd0be5221f9fb774a577fc07c | Triage

Submit
Reports

Overview

overview

8

Static

static

60b49fbfc3...7c.exe

windows7-x64

8

60b49fbfc3...7c.exe

windows10-2004-x64

8

Sharing

General

Target

60b49fbfc3d98134fd35d9bfe45db96985947fdfd0be5221f9fb774a577fc07c
Size

517KB
Sample

220731-d5nypsfffm
MD5

e07728f85c48f56645c2d2a4be8aacf5
SHA1

a8345e02bce2075d53b091fb8c95bb052d8e5e7a
SHA256

60b49fbfc3d98134fd35d9bfe45db96985947fdfd0be5221f9fb774a577fc07c
SHA512

5bd1f958f485b3f38904cac1a21747b016f6c516a29bc57249264a946f79b169216fa0d52874168419ddf68c826f1b5ecf26691da4060dda878e4347a3a2bd4c

Score

8^/10

adware discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

60b49fbfc3d98134fd35d9bfe45db96985947fdfd0be5221f9fb774a577fc07c.exe

Resource

win7-20220718-en

adware discovery persistence stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

60b49fbfc3d98134fd35d9bfe45db96985947fdfd0be5221f9fb774a577fc07c.exe

Resource

win10v2004-20220721-en

adware discovery persistence stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  60b49fbfc3d98134fd35d9bfe45db96985947fdfd0be5221f9fb774a577fc07c
- Size
  
  517KB
- MD5
  
  e07728f85c48f56645c2d2a4be8aacf5
- SHA1
  
  a8345e02bce2075d53b091fb8c95bb052d8e5e7a
- SHA256
  
  60b49fbfc3d98134fd35d9bfe45db96985947fdfd0be5221f9fb774a577fc07c
- SHA512
  
  5bd1f958f485b3f38904cac1a21747b016f6c516a29bc57249264a946f79b169216fa0d52874168419ddf68c826f1b5ecf26691da4060dda878e4347a3a2bd4c
Score

8^/10

adware discovery persistence stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer

© 2018-2024

Terms | Privacy