089ecfe0ef768b20c4155d52cc71e36ef9205c6ed285a7bbaa4c109676d2521d | Triage

Submit
Reports

Overview

overview

8

Static

static

1

TLauncher-...v2.exe

windows7-x64

8

TLauncher-...v2.exe

windows10-2004-x64

7

Sharing

General

Target

TLauncher-2.75-Installer-0.6.9.v2.exe
Size

16.3MB
Sample

230309-1emz2sad24
MD5

081da6578a8763d105a77bac69def6f2
SHA1

340c34a719159d03531af0aed1386f10b0a633b1
SHA256

089ecfe0ef768b20c4155d52cc71e36ef9205c6ed285a7bbaa4c109676d2521d
SHA512

0ab1371c68fd8afd3430e114090aafc0b6e9cf49b6207ebe9e5a54f7f8f0f3ed640892707ac4dca89e10af97390df06cf374917ef6e95765ba6ef194868d4270
SSDEEP

393216:EXRlrghRyfsD441ffz4e4oQL1buPKaIzAtdB7luTdHJAAX5:EhBQQ+1Hz4e4t6PKBzuB7luTdjX5

Score

8^/10

adware persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

TLauncher-2.75-Installer-0.6.9.v2.exe

Resource

win7-20230220-en

adware persistence stealer upx

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

TLauncher-2.75-Installer-0.6.9.v2.exe

Resource

win10v2004-20230221-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  TLauncher-2.75-Installer-0.6.9.v2.exe
- Size
  
  16.3MB
- MD5
  
  081da6578a8763d105a77bac69def6f2
- SHA1
  
  340c34a719159d03531af0aed1386f10b0a633b1
- SHA256
  
  089ecfe0ef768b20c4155d52cc71e36ef9205c6ed285a7bbaa4c109676d2521d
- SHA512
  
  0ab1371c68fd8afd3430e114090aafc0b6e9cf49b6207ebe9e5a54f7f8f0f3ed640892707ac4dca89e10af97390df06cf374917ef6e95765ba6ef194868d4270
- SSDEEP
  
  393216:EXRlrghRyfsD441ffz4e4oQL1buPKaIzAtdB7luTdHJAAX5:EhBQQ+1Hz4e4t6PKBzuB7luTdjX5
Score

8^/10

adware persistence stealer upx
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

© 2018-2024

Terms | Privacy