bd20a38cf4b3c160d6a9196600d5537985c615e365190da99d4f2ec6788e48f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd20a38cf4b3c160d6a9196600d5537985c615e365190da99d4f2ec6788e48f7
Size

36KB
Sample

220919-rm127scef9
MD5

933b4213300a7a93c317954b09f4e17e
SHA1

2aa38c56e92a99345251f71cf470ef5f4938def9
SHA256

bd20a38cf4b3c160d6a9196600d5537985c615e365190da99d4f2ec6788e48f7
SHA512

5742c6f366e12b4a9c2f244b62709abaf2b8ebd8ed3b3334faba75fa4631257cf42bd4a514c3ff0f2e19dd6a0eeba70d8a677c471d166d1a4d9dd7091836a624
SSDEEP

768:GRcetMCMx3EY9KP5mP3KASn6kSEB3bNzIkLyrSG7Q:hicPEhmPn85NDLyrx7Q

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  bd20a38cf4b3c160d6a9196600d5537985c615e365190da99d4f2ec6788e48f7
- Size
  
  36KB
- MD5
  
  933b4213300a7a93c317954b09f4e17e
- SHA1
  
  2aa38c56e92a99345251f71cf470ef5f4938def9
- SHA256
  
  bd20a38cf4b3c160d6a9196600d5537985c615e365190da99d4f2ec6788e48f7
- SHA512
  
  5742c6f366e12b4a9c2f244b62709abaf2b8ebd8ed3b3334faba75fa4631257cf42bd4a514c3ff0f2e19dd6a0eeba70d8a677c471d166d1a4d9dd7091836a624
- SSDEEP
  
  768:GRcetMCMx3EY9KP5mP3KASn6kSEB3bNzIkLyrSG7Q:hicPEhmPn85NDLyrx7Q
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer