7f8c572116c3638d9904a1e076c2b960631f269e8f21aff09b61055197e00638 | Triage

Sharing

General

Target

7f8c572116c3638d9904a1e076c2b960631f269e8f21aff09b61055197e00638
Size

373KB
Sample

220919-t57ntaghe6
MD5

ea3ac0aac395eadfe6362a9bdd36903f
SHA1

10f05cd28957eaaf375b25d7675c4cb894e91983
SHA256

7f8c572116c3638d9904a1e076c2b960631f269e8f21aff09b61055197e00638
SHA512

272658284437f429e6b390d5d65df1b1a229b1a04678963aa7eed972c5a89560d445be4e4be8f2ec99818d561b7890599113011c669abf2909302104fadbda46
SSDEEP

6144:SY94NTudsckh6IeJYr/qcRLT+C8uvQ7ukCGZV+J46E+6mcZpB:R9OisckheJ+PRLT+CfvifCx46EDmcZpB

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  7f8c572116c3638d9904a1e076c2b960631f269e8f21aff09b61055197e00638
- Size
  
  373KB
- MD5
  
  ea3ac0aac395eadfe6362a9bdd36903f
- SHA1
  
  10f05cd28957eaaf375b25d7675c4cb894e91983
- SHA256
  
  7f8c572116c3638d9904a1e076c2b960631f269e8f21aff09b61055197e00638
- SHA512
  
  272658284437f429e6b390d5d65df1b1a229b1a04678963aa7eed972c5a89560d445be4e4be8f2ec99818d561b7890599113011c669abf2909302104fadbda46
- SSDEEP
  
  6144:SY94NTudsckh6IeJYr/qcRLT+C8uvQ7ukCGZV+J46E+6mcZpB:R9OisckheJ+PRLT+CfvifCx46EDmcZpB
Score

8^/10

adware persistence stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer