38cdfb86d0025937d70600824376db22f970a3271de2a23cb636f14b0f63c222 | Triage

Sharing

General

Target

38cdfb86d0025937d70600824376db22f970a3271de2a23cb636f14b0f63c222
Size

41KB
Sample

221127-1611zscg56
MD5

5ecb0059a06aac7e43116df1ba649fed
SHA1

1198bb76b50d56483f60726ed6d3a15cfc6be41e
SHA256

38cdfb86d0025937d70600824376db22f970a3271de2a23cb636f14b0f63c222
SHA512

5a61350f3d7e54e96644f035195afdcdbd5812ba7964936acfa847b687aac5b2bc3e9f95bbb189a7885521f73cb9d541dcb5adde746ab662be3edaedce6572de
SSDEEP

768:tkMHzpbQfiaDK9YKU3jsbVCebaTLnvRvpn4HrKwmg9ex36ZDX9J64e2cSI+22P:tDKfiHzCebaTzZvpn4LpNQ6pX9J6RK7P

Score

10^/10

adware evasion stealer trojan

Malware Config

Targets

- Target
  
  copia_do_documento.exe
- Size
  
  140KB
- MD5
  
  da23a82c2b7f0e3be078dac023e36914
- SHA1
  
  836feba24264859fd7a7a73964386342f7757a36
- SHA256
  
  4fc6e89128e13ba773311448e69a718b278172810537caee89fe415457f73142
- SHA512
  
  1484f659e12be82d4ecc7f27c6edf364e935c0acc0a86245d1f8fc47d33ea8ec6df3ab7e2b922672f68b62a5a5b7edbcfbde8b34f61ca537858b2a81549534e9
- SSDEEP
  
  3072:KqhVNmE0yFVOaeDF9eoyfp7zoH8wf4iBHeS:KqrNJ8ooyF48wf4iBHe
Score

10^/10

adware evasion stealer trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwareevasionstealertrojan

behavioral2

adwareevasionstealertrojan