8662964a0c03e181d3a7cd58824a4367a4e970f333d693a995af83bada214c05 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

mmc-develop-win32.zip

windows7-x64

1

mmc-develop-win32.zip

windows10-2004-x64

1

MultiMC/MultiMC.exe

windows7-x64

1

MultiMC/MultiMC.exe

windows10-2004-x64

8

Sharing

General

Target

mmc-develop-win32.zip
Size

13.5MB
Sample

230312-a74kdsea5y
MD5

745992832e9b94949f51a476add8264b
SHA1

4d11cd2b81cc6c456f29cf44ed54cc911f53c37b
SHA256

8662964a0c03e181d3a7cd58824a4367a4e970f333d693a995af83bada214c05
SHA512

0925c87cc6243741ba7681b39d0173b64137fa2b94a33a82943c4c00c5737910792f6a48b1d1dc00a0e8bf2647447316c002b500d0ebaaa53a758ff678d04706
SSDEEP

393216:Wy/mqGxGVinAqB81lhubAyC6F81qYo9rI:Wy/mHxGq8PhubvP81ql5I

Score

8^/10

adware persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

mmc-develop-win32.zip

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

mmc-develop-win32.zip

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

MultiMC/MultiMC.exe

Resource

win7-20230220-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

MultiMC/MultiMC.exe

Resource

win10v2004-20230220-en

adware persistence stealer

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  mmc-develop-win32.zip
- Size
  
  13.5MB
- MD5
  
  745992832e9b94949f51a476add8264b
- SHA1
  
  4d11cd2b81cc6c456f29cf44ed54cc911f53c37b
- SHA256
  
  8662964a0c03e181d3a7cd58824a4367a4e970f333d693a995af83bada214c05
- SHA512
  
  0925c87cc6243741ba7681b39d0173b64137fa2b94a33a82943c4c00c5737910792f6a48b1d1dc00a0e8bf2647447316c002b500d0ebaaa53a758ff678d04706
- SSDEEP
  
  393216:Wy/mqGxGVinAqB81lhubAyC6F81qYo9rI:Wy/mHxGq8PhubvP81ql5I
Score

1^/10
behavioral1 behavioral2
- Target
  
  MultiMC/MultiMC.exe
- Size
  
  8.8MB
- MD5
  
  38c782c12952ecaeb3af973a7338790d
- SHA1
  
  3167c8152fde81d9b3aebbb41d38a607ba5b48b7
- SHA256
  
  4fc7abd9769e631fe1831b8b0da7b924322b77fee774dba6c5d0ccf6f69242f4
- SHA512
  
  e72b69bee5cf6ca2c45d8b84f128126dd1c81f03e7dfae4d03e3d906f79bb7e1f9ecad6030e4447783657e59c75017df72f590ca786edcfd2996c88345542a1a
- SSDEEP
  
  196608:LjeHzMAqhnF5SdEy/vgiBkxqSdXh9NWompJIwFsBEeVgVvV3rABVLVVkNWV+O8VU:OHOer/vAUpyRVgVvV3rABVLVVkNWV+On
Score

8^/10

adware persistence stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

adwarepersistencestealer

© 2018-2024

Terms | Privacy