Overview

overview

10

Static

static

1

regdelete-...9o.exe

windows7-x64

regdelete-...9o.exe

windows10-2004-x64

10

Resubmissions

03-03-2023 01:44

230303-b6arcsfc9s 10

03-03-2023 01:42

230303-b4nv7sfc7z 7

03-03-2023 01:39

230303-b2ymmafg72 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    regdelete-readme-edits.zip

  • Size

    102KB

  • Sample

    230303-b6arcsfc9s

  • MD5

    c311b0155c1b4b6fa69907535561ab6e

  • SHA1

    6f67ac188a59afe75c9823aa67c71f5965da3ed5

  • SHA256

    0f74f24a5c1b60aca05d1292e91b351243b3cd95dda66cd6dfdd13e8fd0c26a0

  • SHA512

    85fed902be923a86c69320568c2bf7e122a415f83cb82f414b4928da744d037e2096f2121289e988f6462da52a84bd8b0c70814e30e1f5182d64454a1c9d8484

  • SSDEEP

    3072:YmKFecO/Q3TWn8N2ArDlz4N7/82WXYAikEC:0xO/Ln8RGNL8xriJC

Score
10/10
adwareevasionpersistencestealer

Malware Config

Targets

    • Target

      regdelete-readme-edits/hell9o.exe

    • Size

      172KB

    • MD5

      2e933118fecbaf64bbd76514c47a2164

    • SHA1

      a70a1673c4c7d0c0c12bc42bc676a1e9a09edc21

    • SHA256

      5268359ebc3f9e709c8eee1fa9d3e7c579b3e4563fabb9c394abe0fe2e39137f

    • SHA512

      c34672e55625462d16051cd725c96d634e459d61a9552f858f0b234d5eedf67594ca336f4fd695e3046c4e0485d4fa4497b6c604ee4144c49a6c1c0838628bdb

    • SSDEEP

      3072:xBtaM5EWCrATe105GWp1icKAArDZz4N9GhbkrNEk1lM:ZaM5zbp0yN90QEp

    Score
    10/10
    persistenceadwareevasionstealer

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Modifies Installed Components in the registry

      persistence

    • Registers new Print Monitor

      persistence

    • Sets file execution options in registry

      persistence

    • Modifies system executable filetype association

      persistence

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

6
T1060

Modify Existing Service

2
T1031

Change Default File Association

1
T1042

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

10
T1112

Credential Access

Discovery

Query Registry

5
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks