bde385b807b6a363f78e9ba75559e295569e15ff167235aa64aaf2f3cf158a3d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bde385b807b6a363f78e9ba75559e295569e15ff167235aa64aaf2f3cf158a3d
Size

92KB
Sample

221203-rfn43abd3x
MD5

7912633f65c991c198ef424e88646412
SHA1

38b9d5d8502192bd7808897d40b31c08d0e64297
SHA256

bde385b807b6a363f78e9ba75559e295569e15ff167235aa64aaf2f3cf158a3d
SHA512

62f9af72b2c5712bcb55d5c727b825b4252ec7db2dbcfcb1e5dd57edd6387793139d272c4d511213b4a86c5f70901b902e9ad4b79ddf63dfe6515c6bcc0fb627
SSDEEP

1536:VyHIcz+j0W2QA5v974JyZuCWPt4eCq8P062EKRpNR3YHaeAHaeee:yIi+jV2n7WyZuCWqM82EOxqQ

Score

8^/10

adware evasion stealer trojan

Malware Config

Targets

- Target
  
  bde385b807b6a363f78e9ba75559e295569e15ff167235aa64aaf2f3cf158a3d
- Size
  
  92KB
- MD5
  
  7912633f65c991c198ef424e88646412
- SHA1
  
  38b9d5d8502192bd7808897d40b31c08d0e64297
- SHA256
  
  bde385b807b6a363f78e9ba75559e295569e15ff167235aa64aaf2f3cf158a3d
- SHA512
  
  62f9af72b2c5712bcb55d5c727b825b4252ec7db2dbcfcb1e5dd57edd6387793139d272c4d511213b4a86c5f70901b902e9ad4b79ddf63dfe6515c6bcc0fb627
- SSDEEP
  
  1536:VyHIcz+j0W2QA5v974JyZuCWPt4eCq8P062EKRpNR3YHaeAHaeee:yIi+jV2n7WyZuCWqM82EOxqQ
Score

8^/10

adware evasion stealer trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwareevasionstealertrojan

behavioral2

adwareevasionstealertrojan