b12c5d798da88cdb140fd3b9a1cdc179a3695d6166aaad09cd3f5d7002495899 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b12c5d798da88cdb140fd3b9a1cdc179a3695d6166aaad09cd3f5d7002495899
Size

754KB
Sample

221203-qhqv1agd71
MD5

2f8063ff947287b2f38f1328cae0a74b
SHA1

42efa8a55ff25f0213d8c41b7915be77614375b8
SHA256

b12c5d798da88cdb140fd3b9a1cdc179a3695d6166aaad09cd3f5d7002495899
SHA512

6b78e618950510d537c7f552729b6718acb4356607f7864645d7cf15a750b96d5c68b1bf738190725397993dc3c08fca8282d99879d76b1148242f0a59322ab5
SSDEEP

12288:cyzSqWgPpY4Jad+dP/yPDuE4hP+DF/P4t/3XuWFySo+5LJuOFAd4ALQ:cMSq/PpYSh/IDcP+DF/P4JuWFyrk+e

Score

7^/10

adware stealer

Malware Config

Targets

- Target
  
  b12c5d798da88cdb140fd3b9a1cdc179a3695d6166aaad09cd3f5d7002495899
- Size
  
  754KB
- MD5
  
  2f8063ff947287b2f38f1328cae0a74b
- SHA1
  
  42efa8a55ff25f0213d8c41b7915be77614375b8
- SHA256
  
  b12c5d798da88cdb140fd3b9a1cdc179a3695d6166aaad09cd3f5d7002495899
- SHA512
  
  6b78e618950510d537c7f552729b6718acb4356607f7864645d7cf15a750b96d5c68b1bf738190725397993dc3c08fca8282d99879d76b1148242f0a59322ab5
- SSDEEP
  
  12288:cyzSqWgPpY4Jad+dP/yPDuE4hP+DF/P4t/3XuWFySo+5LJuOFAd4ALQ:cMSq/PpYSh/IDcP+DF/P4JuWFyrk+e
Score

7^/10

adware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2