705b02eacf65ae6e91755243bdfe0af4a9c13379ff692066cccbdc9a84da1f78 | Triage

Sharing

General

Target

705b02eacf65ae6e91755243bdfe0af4a9c13379ff692066cccbdc9a84da1f78
Size

735KB
Sample

221206-adk6ysad55
MD5

777b2b5a2d4556c6cb02c0e71e4b1239
SHA1

58c1add8713d7357cd4ece1baf260fc06b098746
SHA256

705b02eacf65ae6e91755243bdfe0af4a9c13379ff692066cccbdc9a84da1f78
SHA512

4111062d8cff58bdf302e3dd19b1b48bb113d1b76848d04b56bc91e34b666191ffde7e6a3540277394c3ac9c23b0be3a7d747114a98b6046a0aa3e1ec8e96d12
SSDEEP

12288:R9OFuozCW9qr3BsG0pRPCBsxXoOgGIYd9UTiMviX4/WQbreYTHwq7If:mUDBDaG0pPgGII9uF+wSowq7If

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  705b02eacf65ae6e91755243bdfe0af4a9c13379ff692066cccbdc9a84da1f78
- Size
  
  735KB
- MD5
  
  777b2b5a2d4556c6cb02c0e71e4b1239
- SHA1
  
  58c1add8713d7357cd4ece1baf260fc06b098746
- SHA256
  
  705b02eacf65ae6e91755243bdfe0af4a9c13379ff692066cccbdc9a84da1f78
- SHA512
  
  4111062d8cff58bdf302e3dd19b1b48bb113d1b76848d04b56bc91e34b666191ffde7e6a3540277394c3ac9c23b0be3a7d747114a98b6046a0aa3e1ec8e96d12
- SSDEEP
  
  12288:R9OFuozCW9qr3BsG0pRPCBsxXoOgGIYd9UTiMviX4/WQbreYTHwq7If:mUDBDaG0pPgGII9uF+wSowq7If
Score

8^/10

adware persistence stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer