fc28ac74597c6c4843a38e7acec05f6fce35d62bb8b90375a1de943965c964f1 | Triage

Sharing

General

Target

fc28ac74597c6c4843a38e7acec05f6fce35d62bb8b90375a1de943965c964f1
Size

328KB
Sample

221120-hr77msbh62
MD5

14150d55a08032256b49445c6f872200
SHA1

148f1da9ea454c02c8a22e6ed304b4e1e5542b36
SHA256

fc28ac74597c6c4843a38e7acec05f6fce35d62bb8b90375a1de943965c964f1
SHA512

b60d0b7114caec4e0d926d42fc44fa2ef68476e3c2b5e0359113b365f8e223d613c5f98c8725d26202159c66425d28cc5cbe9664ae1637eb6f503f3eab34b24e
SSDEEP

6144:5yWOeLm+tkxoGQvT+W4+HMc+MEGRQ6saHSMf3z0AzbLUG50Tpm+MmvbWdlL0d5aU:5Cemx0vN3HKGi6sYjJLUGGtedud5tr7

Score

8^/10

adware discovery exploit persistence stealer

Malware Config

Targets

- Target
  
  fc28ac74597c6c4843a38e7acec05f6fce35d62bb8b90375a1de943965c964f1
- Size
  
  328KB
- MD5
  
  14150d55a08032256b49445c6f872200
- SHA1
  
  148f1da9ea454c02c8a22e6ed304b4e1e5542b36
- SHA256
  
  fc28ac74597c6c4843a38e7acec05f6fce35d62bb8b90375a1de943965c964f1
- SHA512
  
  b60d0b7114caec4e0d926d42fc44fa2ef68476e3c2b5e0359113b365f8e223d613c5f98c8725d26202159c66425d28cc5cbe9664ae1637eb6f503f3eab34b24e
- SSDEEP
  
  6144:5yWOeLm+tkxoGQvT+W4+HMc+MEGRQ6saHSMf3z0AzbLUG50Tpm+MmvbWdlL0d5aU:5Cemx0vN3HKGi6sYjJLUGGtedud5tr7
Score

8^/10

adware discovery exploit persistence stealer
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Sets service image path in registry
  persistence
- Deletes itself
- Modifies file permissions
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoveryexploitpersistencestealer

behavioral2

adwarediscoveryexploitpersistencestealer