1f9316f0caff55fb6bede1ddf399db7cde56047b915b3c95614aff408df1badf | Triage

Sharing

General

Target

1f9316f0caff55fb6bede1ddf399db7cde56047b915b3c95614aff408df1badf
Size

278KB
Sample

221020-gvcdpsghbl
MD5

8000aa28e6d85c56a959c23d8bd7aaee
SHA1

83ead784d20614a77e998d0520e22dca8b5dd4b7
SHA256

1f9316f0caff55fb6bede1ddf399db7cde56047b915b3c95614aff408df1badf
SHA512

8b5ea35fb37ad4c6208601521ba97c74b94d095c86173a376900fe1c0752687ee8e7e6c95605dd80265290ea49f92b40f097b3160e1c854199f4e5b5413a110d
SSDEEP

6144:OY94NSXIJkEONpbgTlg+GlQZMmMaoMPFgtiubb/d9E6:l9OSXRgTC+GSM5MdgI6bT

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  1f9316f0caff55fb6bede1ddf399db7cde56047b915b3c95614aff408df1badf
- Size
  
  278KB
- MD5
  
  8000aa28e6d85c56a959c23d8bd7aaee
- SHA1
  
  83ead784d20614a77e998d0520e22dca8b5dd4b7
- SHA256
  
  1f9316f0caff55fb6bede1ddf399db7cde56047b915b3c95614aff408df1badf
- SHA512
  
  8b5ea35fb37ad4c6208601521ba97c74b94d095c86173a376900fe1c0752687ee8e7e6c95605dd80265290ea49f92b40f097b3160e1c854199f4e5b5413a110d
- SSDEEP
  
  6144:OY94NSXIJkEONpbgTlg+GlQZMmMaoMPFgtiubb/d9E6:l9OSXRgTC+GSM5MdgI6bT
Score

8^/10

adware persistence stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer