42ad40ba3365311641b2c6bd6589795ec7465802502b1824b4feb7c8f2956b95 | Triage

Submit
Reports

Overview

overview

8

Static

static

42ad40ba33...95.exe

windows7-x64

8

42ad40ba33...95.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

42ad40ba3365311641b2c6bd6589795ec7465802502b1824b4feb7c8f2956b95
Size

414KB
Sample

220919-ty883acddr
MD5

1363d52b95a22eb16e7d88fda98d5182
SHA1

ca1334f8bea4e7091bb4b092d5f6c9ee7d5b06db
SHA256

42ad40ba3365311641b2c6bd6589795ec7465802502b1824b4feb7c8f2956b95
SHA512

7f8510d669661f54c64b2d9a553997c89654460903a5d03960d1720c925ba5fae81e502fc16a544288ee24a84afa1c69152608f726bafbac2c9b8160eabc3e23
SSDEEP

6144:76YajbofxCviIb2WQjyKRp9Ln3wrcw5y+LuJoDhQDiNGjdaHVA+9WTlvjEcg+DZM:dW6IPQpRp9TZwzaqODCGdaH2+9W2wDZM

Score

8^/10

adware persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

42ad40ba3365311641b2c6bd6589795ec7465802502b1824b4feb7c8f2956b95.exe

Resource

win7-20220901-en

adware persistence stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

42ad40ba3365311641b2c6bd6589795ec7465802502b1824b4feb7c8f2956b95.exe

Resource

win10v2004-20220812-en

adware persistence stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  42ad40ba3365311641b2c6bd6589795ec7465802502b1824b4feb7c8f2956b95
- Size
  
  414KB
- MD5
  
  1363d52b95a22eb16e7d88fda98d5182
- SHA1
  
  ca1334f8bea4e7091bb4b092d5f6c9ee7d5b06db
- SHA256
  
  42ad40ba3365311641b2c6bd6589795ec7465802502b1824b4feb7c8f2956b95
- SHA512
  
  7f8510d669661f54c64b2d9a553997c89654460903a5d03960d1720c925ba5fae81e502fc16a544288ee24a84afa1c69152608f726bafbac2c9b8160eabc3e23
- SSDEEP
  
  6144:76YajbofxCviIb2WQjyKRp9Ln3wrcw5y+LuJoDhQDiNGjdaHVA+9WTlvjEcg+DZM:dW6IPQpRp9TZwzaqODCGdaH2+9W2wDZM
Score

8^/10

adware persistence stealer upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2025

Terms | Privacy