29c8b2ca0a45aaef0cc4f71cc30e5ba8274aa4e71e520bc0558496de0e57a038 | Triage

Sharing

General

Target

29c8b2ca0a45aaef0cc4f71cc30e5ba8274aa4e71e520bc0558496de0e57a038
Size

4.1MB
Sample

221125-d3wkrshb97
MD5

a47480e1f6f751fa0e1da7484c98905e
SHA1

dc83d1ce41fdeab866453d8bec9954eb149f5d8a
SHA256

29c8b2ca0a45aaef0cc4f71cc30e5ba8274aa4e71e520bc0558496de0e57a038
SHA512

7d2d3a338c871596ef0d7cb7f022c56cb20ec74cf6588119e662d4469b60c9aa8026eb10087b706f17b39d9bab71b972a6d263f0b7ed50498699c055d7a20983
SSDEEP

49152:gRvmsLQJJ/8QtjUVqA0wXMVnfwZU5BcumOquFSyaXO8jsnHsiLw8LQdTqg:gZmHqQWHMJqEaXO8C/Lwrhq

Score

8^/10

adware discovery persistence stealer

Malware Config

Targets

- Target
  
  29c8b2ca0a45aaef0cc4f71cc30e5ba8274aa4e71e520bc0558496de0e57a038
- Size
  
  4.1MB
- MD5
  
  a47480e1f6f751fa0e1da7484c98905e
- SHA1
  
  dc83d1ce41fdeab866453d8bec9954eb149f5d8a
- SHA256
  
  29c8b2ca0a45aaef0cc4f71cc30e5ba8274aa4e71e520bc0558496de0e57a038
- SHA512
  
  7d2d3a338c871596ef0d7cb7f022c56cb20ec74cf6588119e662d4469b60c9aa8026eb10087b706f17b39d9bab71b972a6d263f0b7ed50498699c055d7a20983
- SSDEEP
  
  49152:gRvmsLQJJ/8QtjUVqA0wXMVnfwZU5BcumOquFSyaXO8jsnHsiLw8LQdTqg:gZmHqQWHMJqEaXO8C/Lwrhq
Score

8^/10

adware discovery persistence stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2