0a03f3e93cce32b443d0b5a069dd49cf66b6d41c680b3c0f3183f8178974ecbc | Triage

Submit
Reports

Overview

overview

9

Static

static

1

0a03f3e93c...bc.exe

windows7-x64

9

0a03f3e93c...bc.exe

windows10-2004-x64

9

Sharing

General

Target

0a03f3e93cce32b443d0b5a069dd49cf66b6d41c680b3c0f3183f8178974ecbc
Size

1.9MB
Sample

221123-mv7shafb53
MD5

83cb5c6151bf2d49a800557af451cead
SHA1

ddcc46491dd27692dbe8b218dc669e966c8ee88d
SHA256

0a03f3e93cce32b443d0b5a069dd49cf66b6d41c680b3c0f3183f8178974ecbc
SHA512

3c7afc1f4563cc1598dc69f81560d1b6f059bef02c6dec75c4e036dfa50ec0b077b895133334c733a5fbc979f765e2b4c0473036f2a3a780cf846e3803d79284
SSDEEP

49152:8NQ/5vHwq6I92yqUm3qUocqa3nwkFfiFiAe:8ypwqn9fxJr+nw46AAe

Score

9^/10

adware discovery persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0a03f3e93cce32b443d0b5a069dd49cf66b6d41c680b3c0f3183f8178974ecbc.exe

Resource

win7-20220812-en

adware discovery persistence stealer upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

0a03f3e93cce32b443d0b5a069dd49cf66b6d41c680b3c0f3183f8178974ecbc.exe

Resource

win10v2004-20220812-en

adware discovery persistence stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  0a03f3e93cce32b443d0b5a069dd49cf66b6d41c680b3c0f3183f8178974ecbc
- Size
  
  1.9MB
- MD5
  
  83cb5c6151bf2d49a800557af451cead
- SHA1
  
  ddcc46491dd27692dbe8b218dc669e966c8ee88d
- SHA256
  
  0a03f3e93cce32b443d0b5a069dd49cf66b6d41c680b3c0f3183f8178974ecbc
- SHA512
  
  3c7afc1f4563cc1598dc69f81560d1b6f059bef02c6dec75c4e036dfa50ec0b077b895133334c733a5fbc979f765e2b4c0473036f2a3a780cf846e3803d79284
- SSDEEP
  
  49152:8NQ/5vHwq6I92yqUm3qUocqa3nwkFfiFiAe:8ypwqn9fxJr+nw46AAe
Score

9^/10

adware discovery persistence stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealerupx

behavioral2

adwarediscoverypersistencestealerupx

© 2018-2024

Terms | Privacy