0f74f24a5c1b60aca05d1292e91b351243b3cd95dda66cd6dfdd13e8fd0c26a0

Resubmissions

03-03-2023 01:44

230303-b6arcsfc9s 10

03-03-2023 01:42

230303-b4nv7sfc7z 7

03-03-2023 01:39

230303-b2ymmafg72 8

Sharing

Copy URL

Twitter E-mail

General

Target

regdelete-readme-edits.zip
Size

102KB
Sample

230303-b6arcsfc9s
MD5

c311b0155c1b4b6fa69907535561ab6e
SHA1

6f67ac188a59afe75c9823aa67c71f5965da3ed5
SHA256

0f74f24a5c1b60aca05d1292e91b351243b3cd95dda66cd6dfdd13e8fd0c26a0
SHA512

85fed902be923a86c69320568c2bf7e122a415f83cb82f414b4928da744d037e2096f2121289e988f6462da52a84bd8b0c70814e30e1f5182d64454a1c9d8484
SSDEEP

3072:YmKFecO/Q3TWn8N2ArDlz4N7/82WXYAikEC:0xO/Ln8RGNL8xriJC

Score

10^/10

Malware Config

Targets

- Target
  
  regdelete-readme-edits/hell9o.exe
- Size
  
  172KB
- MD5
  
  2e933118fecbaf64bbd76514c47a2164
- SHA1
  
  a70a1673c4c7d0c0c12bc42bc676a1e9a09edc21
- SHA256
  
  5268359ebc3f9e709c8eee1fa9d3e7c579b3e4563fabb9c394abe0fe2e39137f
- SHA512
  
  c34672e55625462d16051cd725c96d634e459d61a9552f858f0b234d5eedf67594ca336f4fd695e3046c4e0485d4fa4497b6c604ee4144c49a6c1c0838628bdb
- SSDEEP
  
  3072:xBtaM5EWCrATe105GWp1icKAArDZz4N9GhbkrNEk1lM:ZaM5zbp0yN90QEp
Score

10^/10

persistence adware evasion stealer
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Modifies Installed Components in the registry
  persistence
- Registers new Print Monitor
  persistence
- Sets file execution options in registry
  persistence
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Change Default File Association

T1042

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Adds autorun key to be loaded by Explorer.exe on startup

Modifies firewall policy service

Modifies security service

Modifies Installed Components in the registry

Registers new Print Monitor

Sets file execution options in registry

Modifies system executable filetype association

Registers COM server for autorun

Adds Run key to start application

Installs/modifies Browser Helper Object

Maps connected drives based on registry

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2