ff787b3a0eb37487a2b1b476b428e6c45dae139658731876e78ddb756754bf0d | Triage

Sharing

General

Target

ff787b3a0eb37487a2b1b476b428e6c45dae139658731876e78ddb756754bf0d
Size

3.6MB
Sample

221125-hf8c9sgg74
MD5

c02cf194c32a99accd4b53210f8f1fa3
SHA1

585287d2439d9a6902873f015f35d138606d78be
SHA256

ff787b3a0eb37487a2b1b476b428e6c45dae139658731876e78ddb756754bf0d
SHA512

9570ac6a23363c56f182dd58a0ad9830dc06ecadfa083abceebe33c8651bdbd65ebc81843cacfc89aa32418f3f6e1176b66a55ac07d0249bc28fb4fad32d2761
SSDEEP

49152:E61oYnFLDpaLk2iZn2vqEmSBm4sKGs9j/6py/DOX4:5aLQn2yEmSBm4s/stSpyLO

Score

8^/10

adware discovery persistence stealer

Malware Config

Targets

- Target
  
  ff787b3a0eb37487a2b1b476b428e6c45dae139658731876e78ddb756754bf0d
- Size
  
  3.6MB
- MD5
  
  c02cf194c32a99accd4b53210f8f1fa3
- SHA1
  
  585287d2439d9a6902873f015f35d138606d78be
- SHA256
  
  ff787b3a0eb37487a2b1b476b428e6c45dae139658731876e78ddb756754bf0d
- SHA512
  
  9570ac6a23363c56f182dd58a0ad9830dc06ecadfa083abceebe33c8651bdbd65ebc81843cacfc89aa32418f3f6e1176b66a55ac07d0249bc28fb4fad32d2761
- SSDEEP
  
  49152:E61oYnFLDpaLk2iZn2vqEmSBm4sKGs9j/6py/DOX4:5aLQn2yEmSBm4s/stSpyLO
Score

8^/10

adware discovery persistence stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer