bddf6cde34d044280d99e6a7893b466d0778404676e7ca22d0eece261e5533b2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bddf6cde34d044280d99e6a7893b466d0778404676e7ca22d0eece261e5533b2
Size

6.9MB
Sample

221206-lypwesaf8s
MD5

c0d53fcf8d604e3459930cc05b92eaaf
SHA1

d98d85f1f925d39b51cef9601a2d7421b0da2986
SHA256

bddf6cde34d044280d99e6a7893b466d0778404676e7ca22d0eece261e5533b2
SHA512

4307dd89fd1cac822b20d0333353a45f4b11a3dd7e8be9506242270e572ee09011b85c812940d50cb91e4520bd48902243d94c61320f46f5a79d4f34a7bbb9a6
SSDEEP

49152:Szrh20HcSyFeOJpl6IKxrrQwgTz4HhsH+oYTRayy2LFxK5e6JZp2c:+rh2RTSfQwNHhluy

Score

8^/10

adware stealer

Malware Config

Targets

- Target
  
  bddf6cde34d044280d99e6a7893b466d0778404676e7ca22d0eece261e5533b2
- Size
  
  6.9MB
- MD5
  
  c0d53fcf8d604e3459930cc05b92eaaf
- SHA1
  
  d98d85f1f925d39b51cef9601a2d7421b0da2986
- SHA256
  
  bddf6cde34d044280d99e6a7893b466d0778404676e7ca22d0eece261e5533b2
- SHA512
  
  4307dd89fd1cac822b20d0333353a45f4b11a3dd7e8be9506242270e572ee09011b85c812940d50cb91e4520bd48902243d94c61320f46f5a79d4f34a7bbb9a6
- SSDEEP
  
  49152:Szrh20HcSyFeOJpl6IKxrrQwgTz4HhsH+oYTRayy2LFxK5e6JZp2c:+rh2RTSfQwNHhluy
Score

8^/10

adware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2