fe6255ae04570a2e62a4226795eb5a61ab72c0baeec3c3a490d85683fcea8323 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe6255ae04570a2e62a4226795eb5a61ab72c0baeec3c3a490d85683fcea8323
Size

244KB
Sample

221003-clxaasbgd9
MD5

67885b5950c0b4ee54fab6c7ce181e33
SHA1

3b67126377e2472a1bc085a0af4e506d06403ca2
SHA256

fe6255ae04570a2e62a4226795eb5a61ab72c0baeec3c3a490d85683fcea8323
SHA512

aa392182011cbd96610340a95f39987e97d4e5d66dcf20d433968ca69b70427f0e78c5bd5ee1e0182c2fd08b015490c6a150b37cc9349bfbafe8e46608bd4559
SSDEEP

6144:aLxl6v2lc4pimUzSIxNInZTmu9NPXtLQy:Gl6+lLpLdIMnZqurX2y

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  fe6255ae04570a2e62a4226795eb5a61ab72c0baeec3c3a490d85683fcea8323
- Size
  
  244KB
- MD5
  
  67885b5950c0b4ee54fab6c7ce181e33
- SHA1
  
  3b67126377e2472a1bc085a0af4e506d06403ca2
- SHA256
  
  fe6255ae04570a2e62a4226795eb5a61ab72c0baeec3c3a490d85683fcea8323
- SHA512
  
  aa392182011cbd96610340a95f39987e97d4e5d66dcf20d433968ca69b70427f0e78c5bd5ee1e0182c2fd08b015490c6a150b37cc9349bfbafe8e46608bd4559
- SSDEEP
  
  6144:aLxl6v2lc4pimUzSIxNInZTmu9NPXtLQy:Gl6+lLpLdIMnZqurX2y
Score

8^/10

adware persistence stealer
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer