a9a788677b211eac15c577764f90a05a1a7914b2e32f4d6298dca04da0e4bdae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9a788677b211eac15c577764f90a05a1a7914b2e32f4d6298dca04da0e4bdae
Size

247KB
Sample

221203-b213rade29
MD5

5885d6f961d9d01aa4e6ae148d8c5931
SHA1

9176c0f666381c63b4389d2f075a0f6a0338ee54
SHA256

a9a788677b211eac15c577764f90a05a1a7914b2e32f4d6298dca04da0e4bdae
SHA512

2917f0598753d2110e09efdb89c1cc885906837224e7b60305ff74cc2c5cfd82de1b238f7852c9d31ae55ce2246afaad703ca2356e0b9ce05249c0b5138153d4
SSDEEP

6144:6Y94Nwk+tc3gAHGqFj1CdeOcA1wt56SnVey:J9Ov93gK7FYdeOcqwzHUy

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  a9a788677b211eac15c577764f90a05a1a7914b2e32f4d6298dca04da0e4bdae
- Size
  
  247KB
- MD5
  
  5885d6f961d9d01aa4e6ae148d8c5931
- SHA1
  
  9176c0f666381c63b4389d2f075a0f6a0338ee54
- SHA256
  
  a9a788677b211eac15c577764f90a05a1a7914b2e32f4d6298dca04da0e4bdae
- SHA512
  
  2917f0598753d2110e09efdb89c1cc885906837224e7b60305ff74cc2c5cfd82de1b238f7852c9d31ae55ce2246afaad703ca2356e0b9ce05249c0b5138153d4
- SSDEEP
  
  6144:6Y94Nwk+tc3gAHGqFj1CdeOcA1wt56SnVey:J9Ov93gK7FYdeOcqwzHUy
Score

8^/10

adware persistence stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer