322b4a05172de19e907e56ce8294b3d575df226bbb3d267ac025d0802d740e96 | Triage

Sharing

General

Target

322b4a05172de19e907e56ce8294b3d575df226bbb3d267ac025d0802d740e96
Size

753KB
Sample

221127-156vvacf86
MD5

fee020c1ce1046f4e988ad3aadd59b56
SHA1

f3b8e045b6991f843d5e344a68153655a6f4232d
SHA256

322b4a05172de19e907e56ce8294b3d575df226bbb3d267ac025d0802d740e96
SHA512

e886e44880639f1256175aa6f64c1a21c63f38e0285356592aab23c75415598acecfea9f2c7d8757f7a1a46f12ca7fdb97ff25c48854905ca0a2aa4636343e97
SSDEEP

12288:alwBx7Evg0KaJoS45u9Bct2IluWELuTVY+B+4rvnPLfOLCbL8s883/FJUVhYzBN5:Iw4vtKPpM9By7U6TV1lPa68RE/FchYdT

Score

8^/10

adware stealer

Malware Config

Targets

- Target
  
  Pubwin4全自动安装绿色版.exe
- Size
  
  793KB
- MD5
  
  55d3ef73d31e9272c88145d243b7ead5
- SHA1
  
  ac9043c412533088c40e7eaf469147fd3fa06e01
- SHA256
  
  754f661ea3553ad517f14376ceb6d668df2ae68957a0d9282aac6a777a04c078
- SHA512
  
  06d4a2999b016636b73f0bc3713a56cf8ab94e479e8fc34a94c67ad4f7e8b44127afabe8dcf61a4f7fe87417db9bd2672cdc4a2ba3e3f285d90bfae5bf377aae
- SSDEEP
  
  24576:v2O/GlibdEQN+ixzLusZiSSyw4vBRY0Lr20x/Qqa:L+Qlx/9ZhSyw2LY0LCy2
Score

8^/10

adware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  下载站注释.lnk
- Size
  
  843B
- MD5
  
  4c509db4f8e3387169a1fff0ce12e3b5
- SHA1
  
  b413fbfbb6a7162ddf31aa42c530edc6da0bf24a
- SHA256
  
  8233f961dc4b40fdc113f147a3daf3ea56cd78db85bb572ba583f468cd463164
- SHA512
  
  6499c426d55f76f6e1c72a0905dcc9d17ab4dd2e2da4c9ba54e67ddf3dd4bca033ead12310fcb9c817161b50bd0d432a3f0ab7723fbb74b6aa062304f01a18da
Score

3^/10
behavioral3 behavioral4
- Target
  
  宝窝下载站.url
- Size
  
  160B
- MD5
  
  3ad0b5060e94a70e51d14702559a0ba5
- SHA1
  
  889afb7c74961c84c6000ccae3fd59a2b8eeefae
- SHA256
  
  66276f31528a03fead68ecb613bb843cbdd1121b21b197a48b8852475c9758d3
- SHA512
  
  f6923ff79258754630c31b8039b31223134dc656b22eb2cbc15f2e22928b3528c3bda4bf4f7cd9f8b1e3e364afda81727cd001f61e406eed45d1fa010fdd557d
Score

1^/10
behavioral5 behavioral6
- Target
  
  美女小游戏.url
- Size
  
  120B
- MD5
  
  a06e4ae61b71fca51243cb84c60730e9
- SHA1
  
  bf8a0ca37bae911964b068aa0af21b66bad6b7f3
- SHA256
  
  6f7e79ee5d0e215194d5162988e386b26e530447e83acfdc05aeb692118e5a52
- SHA512
  
  b9a28f327b45e46729d013ddf17b98fb1c071e339162297ba97f7a27a91fe1acb09a1e02a437aa49fcc07940c77aeecb026129cbfbec0826633eefbdacd65c99
Score

1^/10
behavioral7 behavioral8
- Target
  
  说明.url
- Size
  
  173B
- MD5
  
  c3b6e9f5fb54008c3af93b9bc900fd6b
- SHA1
  
  56e2b40eb7acb4ca32503ad7b3b6c930c8470488
- SHA256
  
  337d5106ed6ac516384ea4cdb2bba5c7b216533bec4a2cc974561e69194e2b69
- SHA512
  
  6a453105dd94792d9fd039ed76c182d8c611243c581970744e1cb7c4a4af3a88c8ce772ca2ed22d33b70a0663bff85da0ad6702721534acf58b439fa0caa8402
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10