General

  • Target: 6efdaec1d498bab7cb960066b8aa4516678bc6cdde5874f50c8a5c3f0192994b

  • Size: 148KB

  • Sample: 221003-nnj9asdgh9

  • MD5: 60097d78b0b4e566099f115ba4258b09

  • SHA1: 2ae031bf261efda6ddc41d1f328b59e66e87c3a9

  • SHA256: 6efdaec1d498bab7cb960066b8aa4516678bc6cdde5874f50c8a5c3f0192994b

  • SHA512: dd0520534f2bbadd645e7fcbf92a55713f26428fbec34d094095ce6d5c24c84afa35ed4ca9fe391b68e068a54c898e3578d31fd2fbeed9cc6d788425abb0b7d4

  • SSDEEP: 3072:867ujHo5TeowSj6c0EOlavl+rB3BfS8dOo:86qjI5TZLjcEOQvlovK8dOo

Targets

    • Target: 6efdaec1d498bab7cb960066b8aa4516678bc6cdde5874f50c8a5c3f0192994b

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory
