dcf626508bfb3147a7f1b3a4fd3592b94ca4250b4dea2784c677aaff37c520d1 | Triage

Submit
Reports

Overview

overview

Static

static

1

dcf626508b...d1.exe

windows7-x64

dcf626508b...d1.exe

windows10-2004-x64

Sharing

General

Target

dcf626508bfb3147a7f1b3a4fd3592b94ca4250b4dea2784c677aaff37c520d1
Size

2.6MB
Sample

230309-e3xcqshd8v
MD5

a9aae238d49c314be45b58f5b8bd5ef1
SHA1

2799feeb646e892d809c9b57fe53ebf4e676443b
SHA256

dcf626508bfb3147a7f1b3a4fd3592b94ca4250b4dea2784c677aaff37c520d1
SHA512

d63075e6a8fcec0f1831b86d0c17446abed3894d73f7dd7f25eb6caebee6de75c2d5e40a879733eb131e125bdefa409974a558f62833c6a02f1339ccb73801a4
SSDEEP

49152:cI+zgHov5gv6eVyCuNwl8zfuL2Ars4bnJLKwoAmGwCw9G2br:KgH4eVyCT8zuQ4bnBNA9Gk

Score

10^/10

adware discovery evasion stealer

Static task

static1

Behavioral task

behavioral1

Sample

dcf626508bfb3147a7f1b3a4fd3592b94ca4250b4dea2784c677aaff37c520d1.exe

Resource

win7-20230220-en

adware discovery evasion stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

dcf626508bfb3147a7f1b3a4fd3592b94ca4250b4dea2784c677aaff37c520d1.exe

Resource

win10v2004-20230220-en

adware discovery evasion stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  dcf626508bfb3147a7f1b3a4fd3592b94ca4250b4dea2784c677aaff37c520d1
- Size
  
  2.6MB
- MD5
  
  a9aae238d49c314be45b58f5b8bd5ef1
- SHA1
  
  2799feeb646e892d809c9b57fe53ebf4e676443b
- SHA256
  
  dcf626508bfb3147a7f1b3a4fd3592b94ca4250b4dea2784c677aaff37c520d1
- SHA512
  
  d63075e6a8fcec0f1831b86d0c17446abed3894d73f7dd7f25eb6caebee6de75c2d5e40a879733eb131e125bdefa409974a558f62833c6a02f1339ccb73801a4
- SSDEEP
  
  49152:cI+zgHov5gv6eVyCuNwl8zfuL2Ars4bnJLKwoAmGwCw9G2br:KgH4eVyCT8zuQ4bnBNA9Gk
Score

10^/10

adware discovery evasion stealer
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoveryevasionstealer

behavioral2

adwarediscoveryevasionstealer

© 2018-2024

Terms | Privacy