6fdd97ca703c12628b3eb0cb3a0bed5daf10c76a1619613c563aa07cc8f63665 | Triage

Submit
Reports

Overview

overview

8

Static

static

6fdd97ca70...65.exe

windows7-x64

8

6fdd97ca70...65.exe

windows10-2004-x64

8

Sharing

General

Target

6fdd97ca703c12628b3eb0cb3a0bed5daf10c76a1619613c563aa07cc8f63665
Size

148KB
Sample

221124-qtvy4aga36
MD5

33acba5bc6dc7200bbcbf5528a392b7b
SHA1

80838a9c87c5436eb95e9934d9dd6ad87784541d
SHA256

6fdd97ca703c12628b3eb0cb3a0bed5daf10c76a1619613c563aa07cc8f63665
SHA512

f6dc9defe54cbcbc03c6d8fac5eaea2d1ffc2034c59868b7dbc2ea8fa8b18ab7bf3e161a6d110fac562f93a4009e960e7bdea9abec0b4147b7396f479ebd6642
SSDEEP

3072:4RQe3L7SPI8SxLDRuCX+iEuegzWn3gRA2ori:4RQu7ohSVA+EuLaONoe

Score

8^/10

adware persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

6fdd97ca703c12628b3eb0cb3a0bed5daf10c76a1619613c563aa07cc8f63665.exe

Resource

win7-20221111-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6fdd97ca703c12628b3eb0cb3a0bed5daf10c76a1619613c563aa07cc8f63665.exe

Resource

win10v2004-20221111-en

adware persistence stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  6fdd97ca703c12628b3eb0cb3a0bed5daf10c76a1619613c563aa07cc8f63665
- Size
  
  148KB
- MD5
  
  33acba5bc6dc7200bbcbf5528a392b7b
- SHA1
  
  80838a9c87c5436eb95e9934d9dd6ad87784541d
- SHA256
  
  6fdd97ca703c12628b3eb0cb3a0bed5daf10c76a1619613c563aa07cc8f63665
- SHA512
  
  f6dc9defe54cbcbc03c6d8fac5eaea2d1ffc2034c59868b7dbc2ea8fa8b18ab7bf3e161a6d110fac562f93a4009e960e7bdea9abec0b4147b7396f479ebd6642
- SSDEEP
  
  3072:4RQe3L7SPI8SxLDRuCX+iEuegzWn3gRA2ori:4RQu7ohSVA+EuLaONoe
Score

8^/10

persistence adware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

adwarepersistencestealer

© 2018-2024

Terms | Privacy