a913bf3bee70654502bad100f70c9a117dc7c9cc3cc0c673c63161ae232b7499 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a913bf3bee70654502bad100f70c9a117dc7c9cc3cc0c673c63161ae232b7499
Size

363KB
Sample

221126-297hlscd49
MD5

2c83e27df4e5ec46315a37a7398511e5
SHA1

ded09bf5689cef19febfc6d7ca716cdd5ad50317
SHA256

a913bf3bee70654502bad100f70c9a117dc7c9cc3cc0c673c63161ae232b7499
SHA512

bdaab772c80470429ce74a05955b4dae50de6bb1f93ab34259c1719abc16c6529c88d4b0eba073fd4c3a5167716d827aa36a1262e846b1b0cec0e2c63c83b20d
SSDEEP

6144:XEQQW3WQsswJoOHRknCjFXyOAMBMHlmaqgFHM/ZfxkWWA:UQQWHstKOanyCOpObRHM/ZZ

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  98ME_20011_2kXP_20024/DRemover98_2K.exe
- Size
  
  132KB
- MD5
  
  d2e58250056996fec0023e8ef08c8563
- SHA1
  
  eef0d0d3f82a89c518e10b77f8729dcc0fec426b
- SHA256
  
  00e8ee665b67bc983811d1d0a83eecbf8b131501ac701c7cef37e9491ddf8e8a
- SHA512
  
  811031b7f0b14c4fcf5334426f27fcdbeca8b8e2d12935b8fc97870f5e4daf8df8254ec922e4f44a258a5664757e7d8abf503eb9d7bf00e6b335fd4e714b2e78
- SSDEEP
  
  3072:1a+ANS5hpxJQ+8QR+8lof+H8LoKe4/hQb:1a+US5hpNrjC+cL/
Score

8^/10
- Drops file in Drivers directory
behavioral1 behavioral2
- Target
  
  98ME_20011_2kXP_20024/SER9PL.sys
- Size
  
  33KB
- MD5
  
  f3463f0c4a48809f0d0a9a4c348ff34e
- SHA1
  
  aa0df61e2c9de81709746e8c9465de8bc16496be
- SHA256
  
  057d508e4c765b6d30b126cad8ad8eb0e8e088d5ab7cf490a255fcbc147c4819
- SHA512
  
  172d33819544b388f8a62d486f35944322f5ebf0ee2410bb08d4435874cddb79c553f0b3f045adc2edc36e1462b05b4f48a91f3e8e27e07132ca317ae662a1b8
- SSDEEP
  
  768:PywWiGpLF78UMRlM1mA6zMGbaZNthNplnyXZZxRet:KwWdLJaRlMQAn/ZNthNplnyJZxg
Score

1^/10
behavioral3 behavioral4
- Target
  
  98ME_20011_2kXP_20024/ser2pl.sys
- Size
  
  42KB
- MD5
  
  e42f03d1081c4f60d3db6c38235b1456
- SHA1
  
  532950938b99dc42596cb2bf349e9f617a583f2e
- SHA256
  
  6bd7329980e72e1d341aea5b090bcd53caf465b2fd4de7c511e63922d7eb29f0
- SHA512
  
  b03379efdb67d1176d56960d428d2b4e476f427aba425c23374b688af468f8f356e7163b4ab907e2537bfc4745b1cccdd3767b46cfbcbcd005a903338103f258
- SSDEEP
  
  768:Nolx4QKxyr6OQoqMp1gh9g3XXPYCu/TcDA/EPf9bUcoILQsiD:Y7ayVQoHp1wMPYbTGZgjD
Score

1^/10
behavioral5 behavioral6
- Target
  
  Config.exe
- Size
  
  48KB
- MD5
  
  ef0d9fc38396ef924f488e07a615180b
- SHA1
  
  d64730154abf4c41040d58d29e216ccbe1afa71b
- SHA256
  
  7541fdf21bf5f8f1e220846e02ed919b6272c4ac352dd094952f8825e0310e69
- SHA512
  
  a5691f0f0af0490b6ee3acac0e5060fbee914ac31871f334f52cce7cf03102e38ace2c641cc74e4c6e1cc1a23e9350b1faf2a26ca0bc9e629f10e299b543674e
- SSDEEP
  
  192:C8ydsXb2WkunoJlmCICIP1oynVwy144UZAn5YD5982k1qwkWbBdFlloh:Emr2k1Xwy144UZq5YD5e0wBBbwh
Score

8^/10

persistence
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
behavioral7 behavioral8
- Target
  
  USBSetup.exe
- Size
  
  780KB
- MD5
  
  aac934939eebe547eb0caab0746efeae
- SHA1
  
  6e76ca5acb7813c68da6a249734c9017f9f5629f
- SHA256
  
  832a333089b60f28e766f7af6eeb8171d6074d03c1570210a7875e5f532f2e37
- SHA512
  
  4f2f1eae93525fa409fc813e32e2c5d27c15b7c77438702f4b5f861100fc22db915a274c2cd19072f5f1364536eb8fb82f1d1c559a1f1714e1083fcf7ec8dd46
- SSDEEP
  
  12288:suMYSz51U71T1PSoQirUJ296K3IjBUlU/D2tVB4p8CzK28:5dSz581PNQirUJy0VUi/K3Bi8K
Score

8^/10

adware persistence stealer
- Drops file in Drivers directory
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

adwarepersistencestealer

behavioral10

adwarepersistencestealer