General

  • Target

    78fd70f390e2c892ab3b83edfd34cdb64f6ffb210345de33006e50edf6fc4021

  • Size

    1.7MB

  • Sample

    221126-1ygmdagg68

  • MD5

    1b2ab2b2aa2f2532e6a637cd16ff2ce2

  • SHA1

    f457e45358dfc667d9742883d6e1bef6f774893c

  • SHA256

    78fd70f390e2c892ab3b83edfd34cdb64f6ffb210345de33006e50edf6fc4021

  • SHA512

    8669633abf62f0c751c9d4e7ba8cfa86ea27c1e7d74ae0954a87bcf068a0cfc82263ae877b5e5501a28f058d340a1ea75bd9d025128310a2efb8e71114e26ae1

  • SSDEEP

    3072:L2aGKIjMqGpg1OYGp2a4Frnum22wXyW7IklKSxX2Jg5uSIPf0/pG:l8jMqGpg1OYGp2BFKjcoK1gNIPf

Malware Config

Targets

    • UAC bypass

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

    • Registry Run Keys / Startup Folder (T1060): 1

    • Browser Extensions (T1176): 1

Privilege Escalation

    • Bypass User Account Control (T1088): 1

Defense Evasion

    • Bypass User Account Control (T1088): 1

    • Disabling Security Tools (T1089): 1

    • Modify Registry (T1112): 4

Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 3

Tasks