bd4fe9e82e9bb499e8ebf119416cd2f57d6f94ecf2fd2b7fb02f28ba071c411a | Triage

Sharing

General

Target

bd4fe9e82e9bb499e8ebf119416cd2f57d6f94ecf2fd2b7fb02f28ba071c411a
Size

1.1MB
Sample

221207-bpjb6sbh52
MD5

8846b0761255af29bd5fa2ed409c71ea
SHA1

eeb349c0f99c6348d2bb564ab4f68fc637af25fb
SHA256

bd4fe9e82e9bb499e8ebf119416cd2f57d6f94ecf2fd2b7fb02f28ba071c411a
SHA512

90a9e551dced717241695075bd4e12e1f84858583b100801041647d8794f7c2ddc2de4d2592d1673b85f0a430f939d4aaa5bc45b47798d7c2660f35aacfa5368
SSDEEP

24576:4hBlWCe04RvcOdMSsDxmYRtWGsa0leTiiqTJ:4hBLBWgmYRMQweT

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  bd4fe9e82e9bb499e8ebf119416cd2f57d6f94ecf2fd2b7fb02f28ba071c411a
- Size
  
  1.1MB
- MD5
  
  8846b0761255af29bd5fa2ed409c71ea
- SHA1
  
  eeb349c0f99c6348d2bb564ab4f68fc637af25fb
- SHA256
  
  bd4fe9e82e9bb499e8ebf119416cd2f57d6f94ecf2fd2b7fb02f28ba071c411a
- SHA512
  
  90a9e551dced717241695075bd4e12e1f84858583b100801041647d8794f7c2ddc2de4d2592d1673b85f0a430f939d4aaa5bc45b47798d7c2660f35aacfa5368
- SSDEEP
  
  24576:4hBlWCe04RvcOdMSsDxmYRtWGsa0leTiiqTJ:4hBLBWgmYRMQweT
Score

8^/10

adware persistence stealer
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer