3ed0960e2b885f85e6742b2fbaa363f20dd3f8d5b5a12bf44a8fa53a0162eac7 | Triage

Sharing

General

Target

3ed0960e2b885f85e6742b2fbaa363f20dd3f8d5b5a12bf44a8fa53a0162eac7
Size

4.3MB
Sample

221125-cy53zaeg24
MD5

e6ad2c4bf46e721b66dc9a3a50b7a0fb
SHA1

e323cd9845a277d4d85cc235b0a0bf7f9f74d83e
SHA256

3ed0960e2b885f85e6742b2fbaa363f20dd3f8d5b5a12bf44a8fa53a0162eac7
SHA512

1a6ffec927aa168aba4957f2edfd9069c0717195712e571549c9fbb2ec54e8c519558b65ed02bfd1fad9b0ffce5f139a78949b2e6f0a2d82a30c5103bc4dcf76
SSDEEP

49152:XSuK4jZ0WHCpNqLmxup4ddGKvghxfki1Mc7SK3jSlM/Zf0weeDNxer:62Z0NvqbKcH7SK3j8MNtLNxe

Score

8^/10

adware discovery persistence stealer

Malware Config

Targets

- Target
  
  3ed0960e2b885f85e6742b2fbaa363f20dd3f8d5b5a12bf44a8fa53a0162eac7
- Size
  
  4.3MB
- MD5
  
  e6ad2c4bf46e721b66dc9a3a50b7a0fb
- SHA1
  
  e323cd9845a277d4d85cc235b0a0bf7f9f74d83e
- SHA256
  
  3ed0960e2b885f85e6742b2fbaa363f20dd3f8d5b5a12bf44a8fa53a0162eac7
- SHA512
  
  1a6ffec927aa168aba4957f2edfd9069c0717195712e571549c9fbb2ec54e8c519558b65ed02bfd1fad9b0ffce5f139a78949b2e6f0a2d82a30c5103bc4dcf76
- SSDEEP
  
  49152:XSuK4jZ0WHCpNqLmxup4ddGKvghxfki1Mc7SK3jSlM/Zf0weeDNxer:62Z0NvqbKcH7SK3j8MNtLNxe
Score

8^/10

adware discovery persistence stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer