d167db6f02f5eb70ed2a98429e1901976fbef85ad7d1e2322f55608f33cd6ebc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d167db6f02f5eb70ed2a98429e1901976fbef85ad7d1e2322f55608f33cd6ebc
Size

206KB
Sample

221202-3jsr7sed84
MD5

317dbe5159d0a92edfe52ea547682aed
SHA1

0f8a68e666c53d5d2a2f12e3405ddb0cd512e084
SHA256

d167db6f02f5eb70ed2a98429e1901976fbef85ad7d1e2322f55608f33cd6ebc
SHA512

a91ab51cc979c79ffac0b30d08b00b1450e7cff28ea656680d575269106731a4c7f032d23f40cdb9a3e4ce8bd133976db62ec037367e51b62b7b0e9ace9fce1f
SSDEEP

6144:WTfFDbRnOTr/TrJ6JQwmH1xdLS5xa/VNsJJBD:U5ODgJ0H1LO5xaN2

Score

8^/10

adware stealer

Malware Config

Targets

- Target
  
  d167db6f02f5eb70ed2a98429e1901976fbef85ad7d1e2322f55608f33cd6ebc
- Size
  
  206KB
- MD5
  
  317dbe5159d0a92edfe52ea547682aed
- SHA1
  
  0f8a68e666c53d5d2a2f12e3405ddb0cd512e084
- SHA256
  
  d167db6f02f5eb70ed2a98429e1901976fbef85ad7d1e2322f55608f33cd6ebc
- SHA512
  
  a91ab51cc979c79ffac0b30d08b00b1450e7cff28ea656680d575269106731a4c7f032d23f40cdb9a3e4ce8bd133976db62ec037367e51b62b7b0e9ace9fce1f
- SSDEEP
  
  6144:WTfFDbRnOTr/TrJ6JQwmH1xdLS5xa/VNsJJBD:U5ODgJ0H1LO5xaN2
Score

8^/10

adware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2