Overview

overview

10

Static

static

8

f0ad728dea...33.exe

windows7-x64

10

f0ad728dea...33.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    f0ad728deabfbea0f415a53ac8f09a1750cf85dcd4878e8a12b76b1b867a7633

  • Size

    34KB

  • Sample

    221206-xtpweahd2x

  • MD5

    713aaa74e754b5827de9889853b72e09

  • SHA1

    9814e2edb1a663ba4b0ff05cb127ae70efa88a21

  • SHA256

    f0ad728deabfbea0f415a53ac8f09a1750cf85dcd4878e8a12b76b1b867a7633

  • SHA512

    4be4633528f5c6bc436ebdd0fe1c2bd879b15c1f36b846a74fee8f7ccbdffbaf5afbb7cf9ac3f2577749835b06f3d052022b48e7f8203ff8d1f34526ad5b9c65

  • SSDEEP

    768:4Ma2+FwiAZao7sLsqJvWfrIooxQxUdgZXPbN9L5pldmdA:mW7es1fcQ22XhTcq

Score
10/10
adwareevasionpersistencestealerupx

Malware Config

Targets

    • Target

      f0ad728deabfbea0f415a53ac8f09a1750cf85dcd4878e8a12b76b1b867a7633

    • Size

      34KB

    • MD5

      713aaa74e754b5827de9889853b72e09

    • SHA1

      9814e2edb1a663ba4b0ff05cb127ae70efa88a21

    • SHA256

      f0ad728deabfbea0f415a53ac8f09a1750cf85dcd4878e8a12b76b1b867a7633

    • SHA512

      4be4633528f5c6bc436ebdd0fe1c2bd879b15c1f36b846a74fee8f7ccbdffbaf5afbb7cf9ac3f2577749835b06f3d052022b48e7f8203ff8d1f34526ad5b9c65

    • SSDEEP

      768:4Ma2+FwiAZao7sLsqJvWfrIooxQxUdgZXPbN9L5pldmdA:mW7es1fcQ22XhTcq

    Score
    10/10
    adwareevasionpersistencestealerupx

    • Modifies firewall policy service

      evasion

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Deletes itself

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks