c16bb1dc143768fd447c7058af1e049ec4da42ee7ab705f0f6e492b5c5f04657 | Triage

Submit
Reports

Overview

overview

Static

static

Vale_Presente.exe

windows7-x64

Vale_Presente.exe

windows10-2004-x64

Sharing

General

Target

c16bb1dc143768fd447c7058af1e049ec4da42ee7ab705f0f6e492b5c5f04657
Size

330KB
Sample

221125-yad58sdd7x
MD5

b3663580be966c43649bf38e7227c0ba
SHA1

611354029856acecd47f26c2145cbe855c5653de
SHA256

c16bb1dc143768fd447c7058af1e049ec4da42ee7ab705f0f6e492b5c5f04657
SHA512

27b65dcad937710eed8fb3a1fcb2a9e37e9c4caa215186763bc1f36023f0c073e9b89504d9cde62c34ed199fde838adb9b794e39d2d246b37eaee5ee470b0a50
SSDEEP

6144:CpeUL2Y35J9LBQ0x4XCsixFT10Z5S7N/j6AviNNx8O:CLLP5JMXz6D0e7RZONx8O

Score

10^/10

adware evasion persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Vale_Presente.exe

Resource

win7-20221111-en

adware evasion persistence stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Vale_Presente.exe

Resource

win10v2004-20221111-en

adware evasion persistence stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Vale_Presente.exe
- Size
  
  1.7MB
- MD5
  
  ea6ffad92153412e5237665c82c78799
- SHA1
  
  db71dca3183cb79d10cde3153d2c7eab4d6ad7d2
- SHA256
  
  f5a5f9093b00de4ab3740188f75612847e94551cba90878519637d86b5355e01
- SHA512
  
  ed13c783bfc614d2ed1c3b31e22cef33234c5ad77d1017f9368d5a6542a98325496f119a78fdc80bc92f1faa31ef06f079d8023e154ea6f987479bc06add5ae3
- SSDEEP
  
  3072:dwvqbFtkEyWvXFPmy/DA/cZd0SzsZpzbwgWamdUHGNFopPF1XeRBIytGVXi8FrTN:jDycXI6lZij/1TGFo5F1DXRDXy1
Score

10^/10

adware evasion persistence stealer trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwareevasionpersistencestealertrojan

behavioral2

adwareevasionpersistencestealertrojan

© 2018-2024

Terms | Privacy