cdefcd7392beea04750f2ddde8bb95b06149d2540a3fd8153664f44c06e11e28 | Triage

Sharing

General

Target

cdefcd7392beea04750f2ddde8bb95b06149d2540a3fd8153664f44c06e11e28
Size

373KB
Sample

221128-bsp9wshg7w
MD5

f06397a4c470da4e9c02a27b83984d59
SHA1

c15364a41bf1356d2b931a4efa655900b5cf1e35
SHA256

cdefcd7392beea04750f2ddde8bb95b06149d2540a3fd8153664f44c06e11e28
SHA512

e2053abcc8042de111319e0fdc73407b7ba0c9d1817d6a09d2c8d368c57fa5163694a72db3b407a2f4c03509d222d4ccfc0f2f28211ccf1f99d271d0b5f121f7
SSDEEP

6144:SY94Nbyc7opAnouSFytRhrf4hM7H6T9wFnzmSyzmFbDXVmDMQ+T:R9ObyfpAo3UtjrgVTYzm52HwZ+T

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  cdefcd7392beea04750f2ddde8bb95b06149d2540a3fd8153664f44c06e11e28
- Size
  
  373KB
- MD5
  
  f06397a4c470da4e9c02a27b83984d59
- SHA1
  
  c15364a41bf1356d2b931a4efa655900b5cf1e35
- SHA256
  
  cdefcd7392beea04750f2ddde8bb95b06149d2540a3fd8153664f44c06e11e28
- SHA512
  
  e2053abcc8042de111319e0fdc73407b7ba0c9d1817d6a09d2c8d368c57fa5163694a72db3b407a2f4c03509d222d4ccfc0f2f28211ccf1f99d271d0b5f121f7
- SSDEEP
  
  6144:SY94Nbyc7opAnouSFytRhrf4hM7H6T9wFnzmSyzmFbDXVmDMQ+T:R9ObyfpAo3UtjrgVTYzm52HwZ+T
Score

8^/10

adware persistence stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer