c5f9e877204425477ffa47734827cd95b7bf081df1eba4c81e114c3007c107d7 | Triage

Sharing

General

Target

c5f9e877204425477ffa47734827cd95b7bf081df1eba4c81e114c3007c107d7
Size

156KB
Sample

221125-pejf3sah8v
MD5

8cbb847d4b417c7890e971fa1816e47e
SHA1

431e993c91ef518391120a3d6c7d4cdaa8892d92
SHA256

c5f9e877204425477ffa47734827cd95b7bf081df1eba4c81e114c3007c107d7
SHA512

639512f9a8f05f6fca820eaf2a66934b5cb738dc01bd62fcf9c5e3f06c1c9dd7c725031d24a024f2fa11e28050ba49d2db91ed95d6649bfc76a12ea2c0d14c7f
SSDEEP

3072:D/JNqhkWYneP6Gz8pB00e+te46Jkw76aDEmmBsBX4XSYJPkB3K3Wn3GAtUY:DRNqan00e+W2N/i4JPkBK3Wn3GAtV

Score

10^/10

adware evasion stealer trojan

Malware Config

Targets

- Target
  
  c5f9e877204425477ffa47734827cd95b7bf081df1eba4c81e114c3007c107d7
- Size
  
  156KB
- MD5
  
  8cbb847d4b417c7890e971fa1816e47e
- SHA1
  
  431e993c91ef518391120a3d6c7d4cdaa8892d92
- SHA256
  
  c5f9e877204425477ffa47734827cd95b7bf081df1eba4c81e114c3007c107d7
- SHA512
  
  639512f9a8f05f6fca820eaf2a66934b5cb738dc01bd62fcf9c5e3f06c1c9dd7c725031d24a024f2fa11e28050ba49d2db91ed95d6649bfc76a12ea2c0d14c7f
- SSDEEP
  
  3072:D/JNqhkWYneP6Gz8pB00e+te46Jkw76aDEmmBsBX4XSYJPkB3K3Wn3GAtUY:DRNqan00e+W2N/i4JPkBK3Wn3GAtV
Score

10^/10

adware evasion stealer trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwareevasionstealertrojan

behavioral2

adwareevasionstealertrojan