959abc153b718f0e965fe4676734bef134d7e6c68a0c9d4c7505d671c1ccb54b | Triage

Sharing

General

Target

959abc153b718f0e965fe4676734bef134d7e6c68a0c9d4c7505d671c1ccb54b
Size

3.7MB
Sample

221125-h9eytaah37
MD5

a610e8a25b4a2e7c50ffc56def478d3a
SHA1

682becc19ee247925bb21b9bcee1b89da104fa87
SHA256

959abc153b718f0e965fe4676734bef134d7e6c68a0c9d4c7505d671c1ccb54b
SHA512

6064b0e475b7207db2041cf1e99845dc74f86758e7b8d3e4fac3ecd3eb93bfb673b114d17399b1c4e137d5e45fbbe483265f0e19beb22543ccb5933d88573b2d
SSDEEP

49152:PXpqcT0YmuuYvk4ZzOriT/mDj85+jjMwGwd4rsM:sgyuBvWrOmk+jjMwd4

Score

8^/10

adware discovery persistence stealer

Malware Config

Targets

- Target
  
  959abc153b718f0e965fe4676734bef134d7e6c68a0c9d4c7505d671c1ccb54b
- Size
  
  3.7MB
- MD5
  
  a610e8a25b4a2e7c50ffc56def478d3a
- SHA1
  
  682becc19ee247925bb21b9bcee1b89da104fa87
- SHA256
  
  959abc153b718f0e965fe4676734bef134d7e6c68a0c9d4c7505d671c1ccb54b
- SHA512
  
  6064b0e475b7207db2041cf1e99845dc74f86758e7b8d3e4fac3ecd3eb93bfb673b114d17399b1c4e137d5e45fbbe483265f0e19beb22543ccb5933d88573b2d
- SSDEEP
  
  49152:PXpqcT0YmuuYvk4ZzOriT/mDj85+jjMwGwd4rsM:sgyuBvWrOmk+jjMwd4
Score

8^/10

adware discovery persistence stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer