4fd5841c7020f7df448a136a0157c467fd279ca86ee1f43df35c68871dc84d76 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

4fd5841c70...76.exe

windows7-x64

7

4fd5841c70...76.exe

windows10-2004-x64

7

Sharing

General

Target

4fd5841c7020f7df448a136a0157c467fd279ca86ee1f43df35c68871dc84d76
Size

250KB
Sample

221011-3yt9ksbgh9
MD5

65f4829b59efcb236f40614e40150ae3
SHA1

267ec42b5bedb59cd60d763df03abe479049b83a
SHA256

4fd5841c7020f7df448a136a0157c467fd279ca86ee1f43df35c68871dc84d76
SHA512

97677c2964bde975662eac3d269094f1d2f1ed5e22d4129910b51df9d59d9592bde67664429a78d0ba575d63f6dcfbff08cc33d835f836d67866ab23579620b1
SSDEEP

6144:Ms5bFElVkBOv7kh0aII+fGL+z0rVfZNwjVu/Wk2rbJrJops:1p40kaII+uFZAcLO

Score

7^/10

adware discovery persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4fd5841c7020f7df448a136a0157c467fd279ca86ee1f43df35c68871dc84d76.exe

Resource

win7-20220901-en

adware discovery persistence stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

4fd5841c7020f7df448a136a0157c467fd279ca86ee1f43df35c68871dc84d76.exe

Resource

win10v2004-20220812-en

adware discovery persistence stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  4fd5841c7020f7df448a136a0157c467fd279ca86ee1f43df35c68871dc84d76
- Size
  
  250KB
- MD5
  
  65f4829b59efcb236f40614e40150ae3
- SHA1
  
  267ec42b5bedb59cd60d763df03abe479049b83a
- SHA256
  
  4fd5841c7020f7df448a136a0157c467fd279ca86ee1f43df35c68871dc84d76
- SHA512
  
  97677c2964bde975662eac3d269094f1d2f1ed5e22d4129910b51df9d59d9592bde67664429a78d0ba575d63f6dcfbff08cc33d835f836d67866ab23579620b1
- SSDEEP
  
  6144:Ms5bFElVkBOv7kh0aII+fGL+z0rVfZNwjVu/Wk2rbJrJops:1p40kaII+uFZAcLO
Score

7^/10

adware discovery persistence stealer
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer

© 2018-2024

Terms | Privacy