31d0c992f39f56d0291be6f945c960a924c630939b2d889bcf85c875f9e41bef | Triage

Sharing

General

Target

31d0c992f39f56d0291be6f945c960a924c630939b2d889bcf85c875f9e41bef
Size

3.6MB
Sample

221125-jzfyssgb9z
MD5

f57e30875c655be6268184dd08230757
SHA1

ed56fc6bb382b1d4723f4a2452699f896e2568fc
SHA256

31d0c992f39f56d0291be6f945c960a924c630939b2d889bcf85c875f9e41bef
SHA512

bd78fd6ce84fe83b3243b9ec7dac9871b93b5e6f8e5efd37f7ab6642850518b4e34bbf7c427d699db3cdb720eed2f12834cbf035f6c48de9ce8c8e0e8e64a961
SSDEEP

49152:PplCbPQRUD0k1rczqGu34fYK/PkoqtXqfrioWf42N/YtG29nrPc7e6txJ6fSXf8t:CYoG0of5RqtXqfriR42N/29nzirtxJD

Score

8^/10

adware discovery persistence stealer

Malware Config

Targets

- Target
  
  31d0c992f39f56d0291be6f945c960a924c630939b2d889bcf85c875f9e41bef
- Size
  
  3.6MB
- MD5
  
  f57e30875c655be6268184dd08230757
- SHA1
  
  ed56fc6bb382b1d4723f4a2452699f896e2568fc
- SHA256
  
  31d0c992f39f56d0291be6f945c960a924c630939b2d889bcf85c875f9e41bef
- SHA512
  
  bd78fd6ce84fe83b3243b9ec7dac9871b93b5e6f8e5efd37f7ab6642850518b4e34bbf7c427d699db3cdb720eed2f12834cbf035f6c48de9ce8c8e0e8e64a961
- SSDEEP
  
  49152:PplCbPQRUD0k1rczqGu34fYK/PkoqtXqfrioWf42N/YtG29nrPc7e6txJ6fSXf8t:CYoG0of5RqtXqfriR42N/29nzirtxJD
Score

8^/10

adware discovery persistence stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer