General

  • Target

    48e2db1ecd5ea2fea5c337f899b6d76237c7ad12734491ccef0545170bf59d2f

  • Size

    253KB

  • Sample

    220919-tyfxhsgeh3

  • MD5

    55d86f7d4fec3548b1b176c7d9b8b8d1

  • SHA1

    e53a983a6a1ac30869e4964945334d195b4a7648

  • SHA256

    48e2db1ecd5ea2fea5c337f899b6d76237c7ad12734491ccef0545170bf59d2f

  • SHA512

    6a3313dd7023e82b075eed4ad094bbe7cc32920ef2894d76ca1202031af26445a52549caafcc8baba9960e7bacb061d598b96405911289f84df2d394e98963b4

  • SSDEEP

    3072:ZY0yj4Gi3dnYxGBMBwK9pTea9cbOPi6Q6cv/VbfSt1gNKRjPsh5zhfRVLdUfijhb:ZY94NYdB1XvqMWmvgNKRjPGlp7nWVp18

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Drops file in System32 directory
