d4f72966550109f0fa2a139e26b9ea21c4ec776911ade96a3552104f7cf2f926 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Remove-Edge.exe

windows7-x64

7

Remove-Edge.exe

windows10-2004-x64

8

Sharing

General

Target

Remove-Edge.exe
Size

8.5MB
Sample

230306-2nk3gsef6y
MD5

90cd506989e066e6733006803bf45886
SHA1

0e1da5ae0616ffb3636b78bb71b0412c08ee471e
SHA256

d4f72966550109f0fa2a139e26b9ea21c4ec776911ade96a3552104f7cf2f926
SHA512

5c2afcf55a14602ec640fe0ba5ac5aee4ebb94e891284c3a1b891cdd7dfdd2856fa76299ed055a8fcaf9528a5a61c15e69fc1d822e9a558359b16f1f2c9ba125
SSDEEP

196608:I9oqdQmR5dA6lsuErSEEJwdF6OlvJHDO6YZYPXk0:I9dQ2ls+9JOh8Z8

Score

8^/10

adware persistence pyinstaller stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Remove-Edge.exe

Resource

win7-20230220-en

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Remove-Edge.exe

Resource

win10v2004-20230220-en

adware persistence stealer

windows10-2004-x64

15 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Remove-Edge.exe
- Size
  
  8.5MB
- MD5
  
  90cd506989e066e6733006803bf45886
- SHA1
  
  0e1da5ae0616ffb3636b78bb71b0412c08ee471e
- SHA256
  
  d4f72966550109f0fa2a139e26b9ea21c4ec776911ade96a3552104f7cf2f926
- SHA512
  
  5c2afcf55a14602ec640fe0ba5ac5aee4ebb94e891284c3a1b891cdd7dfdd2856fa76299ed055a8fcaf9528a5a61c15e69fc1d822e9a558359b16f1f2c9ba125
- SSDEEP
  
  196608:I9oqdQmR5dA6lsuErSEEJwdF6OlvJHDO6YZYPXk0:I9dQ2ls+9JOh8Z8
Score

8^/10

adware persistence stealer
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

adwarepersistencestealer

© 2018-2024

Terms | Privacy