ed22d8e5b49516b5805a750a38b38f1cdc749faa53ad870f0b9de4160e7534a2 | Triage

Sharing

General

Target

ed22d8e5b49516b5805a750a38b38f1cdc749faa53ad870f0b9de4160e7534a2
Size

278KB
Sample

221123-lkdagafa6w
MD5

575d2f7c2b95221b505a5713da4b340e
SHA1

ddd3024d15f90dcb0dd3893c80630a70ea84a2d5
SHA256

ed22d8e5b49516b5805a750a38b38f1cdc749faa53ad870f0b9de4160e7534a2
SHA512

c1357c2f41ffc8bc845f183d7cf65f56330e4d2a6d1b1da2a08194fd5c178e73f2a0c75a6a4111a6db199f330ffd2f7680bf61d231f77d94dfbaac6f2e53e429
SSDEEP

3072:qY0yj4Gi3doverSoEk/QSGLj4o9Jo5blNbBxgwU7A3LzTK8/k92/z4VVmzQY8XI1:qY94NdS4/Q5EoD0Nbn37O9pG2cEs

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  ed22d8e5b49516b5805a750a38b38f1cdc749faa53ad870f0b9de4160e7534a2
- Size
  
  278KB
- MD5
  
  575d2f7c2b95221b505a5713da4b340e
- SHA1
  
  ddd3024d15f90dcb0dd3893c80630a70ea84a2d5
- SHA256
  
  ed22d8e5b49516b5805a750a38b38f1cdc749faa53ad870f0b9de4160e7534a2
- SHA512
  
  c1357c2f41ffc8bc845f183d7cf65f56330e4d2a6d1b1da2a08194fd5c178e73f2a0c75a6a4111a6db199f330ffd2f7680bf61d231f77d94dfbaac6f2e53e429
- SSDEEP
  
  3072:qY0yj4Gi3doverSoEk/QSGLj4o9Jo5blNbBxgwU7A3LzTK8/k92/z4VVmzQY8XI1:qY94NdS4/Q5EoD0Nbn37O9pG2cEs
Score

8^/10

adware persistence stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer