6173eca28aef857b9ccec2b3295a3ad9725d9d2cf26f8d773efe60c36e247670 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6173eca28aef857b9ccec2b3295a3ad9725d9d2cf26f8d773efe60c36e247670
Size

157KB
Sample

221203-c7trasgf23
MD5

c313f894bf03764fb2a997c05148e8ba
SHA1

39433fe8eab6a3691eb4bf0530c83296e2a7152f
SHA256

6173eca28aef857b9ccec2b3295a3ad9725d9d2cf26f8d773efe60c36e247670
SHA512

0ce460be8791df4f744812da293cfb8d3b42b829c269982fbd9639026819c52e11861e8e2be0e0b471234e815b345a924cf9a706637ef95bdbb887f8cf76d336
SSDEEP

3072:a8KuG+LVn8Ax9LX/wILej7Mz1N07rw43x4hxpXDXIUb:NKuG+LZX5X/i+v6n2h3DXNb

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  6173eca28aef857b9ccec2b3295a3ad9725d9d2cf26f8d773efe60c36e247670
- Size
  
  157KB
- MD5
  
  c313f894bf03764fb2a997c05148e8ba
- SHA1
  
  39433fe8eab6a3691eb4bf0530c83296e2a7152f
- SHA256
  
  6173eca28aef857b9ccec2b3295a3ad9725d9d2cf26f8d773efe60c36e247670
- SHA512
  
  0ce460be8791df4f744812da293cfb8d3b42b829c269982fbd9639026819c52e11861e8e2be0e0b471234e815b345a924cf9a706637ef95bdbb887f8cf76d336
- SSDEEP
  
  3072:a8KuG+LVn8Ax9LX/wILej7Mz1N07rw43x4hxpXDXIUb:NKuG+LZX5X/i+v6n2h3DXNb
Score

8^/10

adware persistence stealer
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Deletes itself
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer