6828317766d1331bd782acc4cb6f00d9611763b32680a70cde5087ec1ea2ef12 | Triage

Sharing

General

Target

6828317766d1331bd782acc4cb6f00d9611763b32680a70cde5087ec1ea2ef12
Size

6.7MB
Sample

221123-vg83eaha66
MD5

cab48ed9de529a22ca0a1c2d79de3e63
SHA1

ffd86c5b07573c79b8975aac35c40b4c27c7292c
SHA256

6828317766d1331bd782acc4cb6f00d9611763b32680a70cde5087ec1ea2ef12
SHA512

c42889b98affa8e6a18457177fd65f70beff3d796c6ea403607d19125bb2b0af7d8fbbad9353dddb03316b8c1651337d3ae4ec7120f7a051daa9269cc63b997b
SSDEEP

196608:i7BWIdKv52/Tg289Pzeh0M+9IUrMSY0TOPrBMJQTzT:S/s2wPzemMF0TUrBLTH

Score

8^/10

adware discovery exploit persistence stealer

Malware Config

Targets

- Target
  
  6828317766d1331bd782acc4cb6f00d9611763b32680a70cde5087ec1ea2ef12
- Size
  
  6.7MB
- MD5
  
  cab48ed9de529a22ca0a1c2d79de3e63
- SHA1
  
  ffd86c5b07573c79b8975aac35c40b4c27c7292c
- SHA256
  
  6828317766d1331bd782acc4cb6f00d9611763b32680a70cde5087ec1ea2ef12
- SHA512
  
  c42889b98affa8e6a18457177fd65f70beff3d796c6ea403607d19125bb2b0af7d8fbbad9353dddb03316b8c1651337d3ae4ec7120f7a051daa9269cc63b997b
- SSDEEP
  
  196608:i7BWIdKv52/Tg289Pzeh0M+9IUrMSY0TOPrBMJQTzT:S/s2wPzemMF0TUrBLTH
Score

8^/10

adware discovery exploit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Sets service image path in registry
  persistence
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryexploitpersistencestealer

behavioral2

adwarediscoveryexploitpersistencestealer