1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7 | Triage

Sharing

General

Target

1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7
Size

231KB
Sample

221011-j6jchadhej
MD5

6e264ad464454392d5fbe1073f39c766
SHA1

ab3150b06c01c7c42c434034ca58b57802524a67
SHA256

1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7
SHA512

a442c2272e56c48797f24ffb14c3ca807c20b914a30ffc8558616e4e238ff3424f893afcb5899ab5e76049314bcaa7e830a3e390cdc51fc354c8a91388b74cd9
SSDEEP

6144:Isceqs5qIhYzq40b8cRtedIkQ9mMEgr1f/7Mfz:Isce4IhYG1b7edITm4f/7ML

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7
- Size
  
  231KB
- MD5
  
  6e264ad464454392d5fbe1073f39c766
- SHA1
  
  ab3150b06c01c7c42c434034ca58b57802524a67
- SHA256
  
  1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7
- SHA512
  
  a442c2272e56c48797f24ffb14c3ca807c20b914a30ffc8558616e4e238ff3424f893afcb5899ab5e76049314bcaa7e830a3e390cdc51fc354c8a91388b74cd9
- SSDEEP
  
  6144:Isceqs5qIhYzq40b8cRtedIkQ9mMEgr1f/7Mfz:Isce4IhYG1b7edITm4f/7ML
Score

8^/10

adware persistence stealer
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarepersistencestealer