368d34d78d1e4d0c9992d275bee1bbcb3cc666065736eb557856abcafb6632a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

368d34d78d1e4d0c9992d275bee1bbcb3cc666065736eb557856abcafb6632a0
Size

4.1MB
Sample

221018-s3x6xsgfal
MD5

8dce8ad676e83e6f21c57b967200c897
SHA1

e752eb8b4fe1bd3796870291210f6c861556e1ae
SHA256

368d34d78d1e4d0c9992d275bee1bbcb3cc666065736eb557856abcafb6632a0
SHA512

97146ade3e713d823c1ae54fd0fdc73af2b3c764327cad1de3f531a986ad957bed8287b567bf1cdb35cf21b3f11b7af8fdfec36c8264e6bc11cfc16c844a0c22
SSDEEP

98304:cJyHYLwa4jrkeZ4aCXeIBuZFnSyZgfeVD77/Hy8hxmpYC2t9ET:RYca4jrGaCXqXSvGVDfyrewT

Score

8^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  UninstallTool.cpl
- Size
  
  312KB
- MD5
  
  b69b1b954a70639e7287a9812e84602f
- SHA1
  
  80a8986e5bd1f54b1c794f7b6cb4efe0a02e413b
- SHA256
  
  e81e01e4b631f9d9d740c98d93e4ba063292f28aecc732284d191a336e28cac7
- SHA512
  
  8d8bb909aaac14666295e3a6508ae5252c55fd15017d6ba868ee7cd73a3946d28cb937062853a281b232a954badf1acf1d781c2e80ce4735bb4103fa1b03a0f8
- SSDEEP
  
  6144:p7bFi+dDMGbHBQTnBHzteOCujnONEaHdH8:lJi+DMGbhQjVJeOtj+hdH
Score

1^/10
behavioral1 behavioral2
- Target
  
  UninstallTool.exe
- Size
  
  3.8MB
- MD5
  
  c76180b6b59a1b1c259f337a25f081be
- SHA1
  
  daaba8d78e6029ff0ed71206c46f577046b99898
- SHA256
  
  a05a5632a2b64c0269b1371aa85cf8454de26b21b2d3b035dd7a3bd41e05d744
- SHA512
  
  0a8d04e45e5d3495e1d587a06cb77f4865552fa9be2d4628fe741c516b7f8d0405d8c03c041b6b1364dd51660dd5d15c3ee27875eb7814a686e53ee076436338
- SSDEEP
  
  98304:lVc0LpMg4XClaaJxsMws0F7xioOU2baMy2yoh:Xdpua/sMBk2Jyoh
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  UninstallTool.exe.backup
- Size
  
  3.8MB
- MD5
  
  549cad827392688fef8ca1bcdefb0826
- SHA1
  
  0607cd4d03eed12e3f618726c8d1f01f7ebbebde
- SHA256
  
  64afe4ed17923ad0b725cf211070917a2f34187fd5c41368613e7f66fa70ea53
- SHA512
  
  be1ac10947214e8e74cb4019f833d83123b7761871145114096dae119b9168f6c2befa8d5b93bfee9ec860eeb4b61e6ead6d27772f290a026f2bc52015d9c0e4
- SSDEEP
  
  98304:GVc0LpMg4XClaaJxsMws0F7xioOU2baMy2yoh:mdpua/sMBk2Jyoh
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral5 behavioral6
- Target
  
  UninstallTool.url
- Size
  
  49B
- MD5
  
  5ee9ab72918050713bedda542ed7a563
- SHA1
  
  2bbb225a7d2dbb4c71b7487fabb84fe82d84f95f
- SHA256
  
  f5b831cbd09d64293e82d2f1f85c5787bd79599e64aab7128bdfb3c05e98b499
- SHA512
  
  33c4dc5d45c26799a42608590deb295ee3ad4bed36030874adb8bb43a611bfa5ee3335f318832c0d155824fd808fe7a9b657b7761176595bf79c6f73af2be497
Score

6^/10

evasion trojan persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral7 behavioral8
- Target
  
  UninstallToolHelper.exe
- Size
  
  463KB
- MD5
  
  d82e0a3786dba17f88929d11d6b00b96
- SHA1
  
  098f9b676677dc3a30530ad5254b7fb41e1391d9
- SHA256
  
  ba8d7b5662f85aa901fd6bcf86fc5989013577b18c81a91bffc1211fec31d6c8
- SHA512
  
  4df64c5f421103fabf156342d41ff2cece82ce6b7015c454ac78680611d4ab64788c7ed50b0505edcd4cc704fdbe3c118370464c476f8047bd0e022ddbc3424d
- SSDEEP
  
  12288:jDrJL3QCiSt7hMYDbInjPp7ormE3Lu4iPnOEAPiWTydl6:jDrpQCpXZbCj5Y3C4MXlbK
Score

1^/10
behavioral9 behavioral10
- Target
  
  unins000.exe
- Size
  
  3.0MB
- MD5
  
  3bb36ed064c5b2b60ab8403f4ecfd7a3
- SHA1
  
  329b9cc11b0ccd8dd2558f34ec5ac100bdd59430
- SHA256
  
  17cfb3c45cc05f0aae13f63da802b425fdea5dd4e6b55f5867056de11d407d60
- SHA512
  
  3ee47bddae95ef903735e66b7b39249c4c3a6bb4ee3023eae8f635e896177f488d0ef97a7d85e5da47639f7b4d942f861e46e1c92f8b47edeb9c739234565965
- SSDEEP
  
  49152:Edx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjA333SK49l:xHDYsqiPRhINnq95FoHVBA333zM
Score

8^/10
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryspywarestealer

behavioral4

discoveryspywarestealer

behavioral5

discoveryspywarestealer

behavioral6

discoveryspywarestealer

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12