Extracted

• • Target

    8f4cea54120c564ceefe853dc024c9fe45be99a71bf52c6652c682653e73c8ee

  • Size

    312KB

  • MD5

    fcf536def2d99c123fa96faefa328dfb

  • SHA1

    11648fa98051860857385cf6abc40593045e5c26

  • SHA256

    8f4cea54120c564ceefe853dc024c9fe45be99a71bf52c6652c682653e73c8ee

  • SHA512

    c7ab99c0ffd5f61d51cd0f8972d6229b530fa73f0be481f7557909e35987045f71cb619762438054764908640abbf2305793ba3b4ade1f3416d21846400704ac

  • SSDEEP

    6144:mY94NIH5BcYqL1jCF11woFX+g0X5j1JbKakFBTslBOYbv6xLMh/DLGIrnau3/tm:N9OOBtqLxQWSXl0JLbKvFBTshb6xLMZs

  Score

  10^/10

  adwarepersistencestealer

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • Drops file in System32 directory

  behavioral1behavioral2