49ced2c67955d3b9a34f77f47e8e3ea6b8a23aae67d11bc1d38d351c26048e7c | Triage

Sharing

General

Target

49ced2c67955d3b9a34f77f47e8e3ea6b8a23aae67d11bc1d38d351c26048e7c
Size

4.3MB
Sample

221125-cc6sdagd3v
MD5

5f26e6068416cffbe147c283d44eb5b1
SHA1

3e740b60347a2543f7b8322567f76948424c0164
SHA256

49ced2c67955d3b9a34f77f47e8e3ea6b8a23aae67d11bc1d38d351c26048e7c
SHA512

e98758a7dbf91f5bf6734221f0cac637c6da789cc9177dedba78786225a04a718707cf89d8bc28ec13583bb7b517831e97efa4ea7efaf5ddc5dd1d5b27f4f858
SSDEEP

49152:QyuKYDZ0WnCJ+KLmxup45dGKvghxfki1iY9buOBqFB5jSlM/Zf0weeDNx4L:T2Z0toKbKcvbuOBqFB5j8MNtLNx4

Score

8^/10

adware discovery persistence stealer

Malware Config

Targets

- Target
  
  49ced2c67955d3b9a34f77f47e8e3ea6b8a23aae67d11bc1d38d351c26048e7c
- Size
  
  4.3MB
- MD5
  
  5f26e6068416cffbe147c283d44eb5b1
- SHA1
  
  3e740b60347a2543f7b8322567f76948424c0164
- SHA256
  
  49ced2c67955d3b9a34f77f47e8e3ea6b8a23aae67d11bc1d38d351c26048e7c
- SHA512
  
  e98758a7dbf91f5bf6734221f0cac637c6da789cc9177dedba78786225a04a718707cf89d8bc28ec13583bb7b517831e97efa4ea7efaf5ddc5dd1d5b27f4f858
- SSDEEP
  
  49152:QyuKYDZ0WnCJ+KLmxup45dGKvghxfki1iY9buOBqFB5jSlM/Zf0weeDNx4L:T2Z0toKbKcvbuOBqFB5j8MNtLNx4
Score

8^/10

adware discovery persistence stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2