286bc1d84eb04c6200a6bf90c3bab4db22d93bd8feb4cec33531e0a2fe8c29b4 | Triage

Sharing

General

Target

286bc1d84eb04c6200a6bf90c3bab4db22d93bd8feb4cec33531e0a2fe8c29b4
Size

979KB
Sample

221125-d6asgahd59
MD5

ea8e329ad6e62c4e9e8667a852c00d18
SHA1

bf5d2dec0e6c4320858be294a021ea7c35578c95
SHA256

286bc1d84eb04c6200a6bf90c3bab4db22d93bd8feb4cec33531e0a2fe8c29b4
SHA512

71b7e78b8621e4a97a9ef4d932112ab8003790ed8b0268e0204a4c93101634271ceac2eed09a56ccbc3c5428bd5fa9ba95014a81643f6749a6e565fa5f3780f7
SSDEEP

24576:0czJqVSvDmv5oZ6KQxSAU5+ITTC9R6iiMRaM74:0cMJRu6KQAAC7/CW/OM

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  286bc1d84eb04c6200a6bf90c3bab4db22d93bd8feb4cec33531e0a2fe8c29b4
- Size
  
  979KB
- MD5
  
  ea8e329ad6e62c4e9e8667a852c00d18
- SHA1
  
  bf5d2dec0e6c4320858be294a021ea7c35578c95
- SHA256
  
  286bc1d84eb04c6200a6bf90c3bab4db22d93bd8feb4cec33531e0a2fe8c29b4
- SHA512
  
  71b7e78b8621e4a97a9ef4d932112ab8003790ed8b0268e0204a4c93101634271ceac2eed09a56ccbc3c5428bd5fa9ba95014a81643f6749a6e565fa5f3780f7
- SSDEEP
  
  24576:0czJqVSvDmv5oZ6KQxSAU5+ITTC9R6iiMRaM74:0cMJRu6KQAAC7/CW/OM
Score

8^/10

adware persistence stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

adwarepersistencestealer