3a207f5fc89f1c9417f1a326178de80c72fb719fa9f3680507381561550b6f85 | Triage

Submit
Reports

Overview

overview

Static

static

Vale_Presente.exe

windows7-x64

Vale_Presente.exe

windows10-2004-x64

Sharing

General

Target

3a207f5fc89f1c9417f1a326178de80c72fb719fa9f3680507381561550b6f85
Size

333KB
Sample

221125-yafztsdd71
MD5

4092ffea74c6faabaa49e5fbf61993d4
SHA1

90483019ddaf1353bd3f38ff55b104e42c792397
SHA256

3a207f5fc89f1c9417f1a326178de80c72fb719fa9f3680507381561550b6f85
SHA512

bf9ef76c4d7950038133b7c8423a83c4f9fa1055f00821e229881239a222d0061d3591a948c020d96199c87111f33aa97fbabf01e18ff6923e39a2e121cef635
SSDEEP

6144:UpeUb2Y35J9L7QGx4fCsi/FT1cZ587N/j6AfiN75EhBVxgrY:ULbP5J6fzuDcg7RZeFEBwY

Score

10^/10

adware evasion persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Vale_Presente.exe

Resource

win7-20220901-en

adware evasion persistence stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Vale_Presente.exe

Resource

win10v2004-20221111-en

adware evasion persistence stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Vale_Presente.exe
- Size
  
  1.7MB
- MD5
  
  ea6ffad92153412e5237665c82c78799
- SHA1
  
  db71dca3183cb79d10cde3153d2c7eab4d6ad7d2
- SHA256
  
  f5a5f9093b00de4ab3740188f75612847e94551cba90878519637d86b5355e01
- SHA512
  
  ed13c783bfc614d2ed1c3b31e22cef33234c5ad77d1017f9368d5a6542a98325496f119a78fdc80bc92f1faa31ef06f079d8023e154ea6f987479bc06add5ae3
- SSDEEP
  
  3072:dwvqbFtkEyWvXFPmy/DA/cZd0SzsZpzbwgWamdUHGNFopPF1XeRBIytGVXi8FrTN:jDycXI6lZij/1TGFo5F1DXRDXy1
Score

10^/10

adware evasion persistence stealer trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwareevasionpersistencestealertrojan

behavioral2

adwareevasionpersistencestealertrojan

© 2018-2024

Terms | Privacy