f3b8bfe2fa8ebcf3807b8515288e80749d61b5de96473d0c66bf87cd5eba78fb | Triage

Submit
Reports

Overview

overview

8

Static

static

8

f3b8bfe2fa...fb.exe

windows7-x64

8

f3b8bfe2fa...fb.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

f3b8bfe2fa8ebcf3807b8515288e80749d61b5de96473d0c66bf87cd5eba78fb
Size

86KB
Sample

221206-yd78gsgc92
MD5

3c87c8eaf886d0ade8e29ebcb96b038b
SHA1

c797021ed43748c2771862b6c20b435f98a41b08
SHA256

f3b8bfe2fa8ebcf3807b8515288e80749d61b5de96473d0c66bf87cd5eba78fb
SHA512

937052a0832ca8debe069900b8e75d0e9f35bc490dc234a6eb834b34c346b962187d157991fa6d8f32685031226763edd757983816595426a9b5ddb9465f5793
SSDEEP

1536:gQMc7gNTGCXjJLEf/CO2cNrELu8yCGZDB0Q8St96l80SPAR9mFnvV:xFmTGCXjdEyO2IrEaPCQJ8mcl8q9mFn9

Score

8^/10

adware discovery persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f3b8bfe2fa8ebcf3807b8515288e80749d61b5de96473d0c66bf87cd5eba78fb.exe

Resource

win7-20221111-en

adware discovery persistence stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

f3b8bfe2fa8ebcf3807b8515288e80749d61b5de96473d0c66bf87cd5eba78fb.exe

Resource

win10v2004-20221111-en

adware discovery persistence stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  f3b8bfe2fa8ebcf3807b8515288e80749d61b5de96473d0c66bf87cd5eba78fb
- Size
  
  86KB
- MD5
  
  3c87c8eaf886d0ade8e29ebcb96b038b
- SHA1
  
  c797021ed43748c2771862b6c20b435f98a41b08
- SHA256
  
  f3b8bfe2fa8ebcf3807b8515288e80749d61b5de96473d0c66bf87cd5eba78fb
- SHA512
  
  937052a0832ca8debe069900b8e75d0e9f35bc490dc234a6eb834b34c346b962187d157991fa6d8f32685031226763edd757983816595426a9b5ddb9465f5793
- SSDEEP
  
  1536:gQMc7gNTGCXjJLEf/CO2cNrELu8yCGZDB0Q8St96l80SPAR9mFnvV:xFmTGCXjdEyO2IrEaPCQJ8mcl8q9mFn9
Score

8^/10

adware discovery persistence stealer upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealerupx

behavioral2

adwarediscoverypersistencestealerupx

© 2018-2025

Terms | Privacy