54c3df482d19d43646ce5a992a24233ec10a33f0733e93aa78eb468952670248 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

525660.html

windows7-x64

1

525660.html

windows10-2004-x64

8

Sharing

General

Target

525660
Size

13KB
Sample

230312-sr77ragc9z
MD5

8c0357294cb603473ffd8198c856829d
SHA1

2a2ad71d2eeb36d6aaf4fa23e6bf403c96558216
SHA256

54c3df482d19d43646ce5a992a24233ec10a33f0733e93aa78eb468952670248
SHA512

2d468323745ee3dbfbaa1a0a25438e2dd8cd2cdc57c457250a99c3bdda5e91c3d34a5149963d34666ae898c906f78f53a6aee7742be68df3afda2c1091b657dc
SSDEEP

48:+8hWzd7+704tIrEgrGhUzKGCdL0XGnkfy8HU9/E5lt/Txd4ObnyR9SOpsS9x4xV:bM+LtIQKGhmCJLnAy8s/ELVTxTI8O5w

Score

8^/10

adware discovery persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

525660.html

Resource

win7-20230220-en

windows7-x64

4 signatures

1200 seconds

Behavioral task

behavioral2

Sample

525660.html

Resource

win10v2004-20230220-en

adware discovery persistence stealer upx

windows10-2004-x64

30 signatures

1200 seconds

Malware Config

Targets

- Target
  
  525660
- Size
  
  13KB
- MD5
  
  8c0357294cb603473ffd8198c856829d
- SHA1
  
  2a2ad71d2eeb36d6aaf4fa23e6bf403c96558216
- SHA256
  
  54c3df482d19d43646ce5a992a24233ec10a33f0733e93aa78eb468952670248
- SHA512
  
  2d468323745ee3dbfbaa1a0a25438e2dd8cd2cdc57c457250a99c3bdda5e91c3d34a5149963d34666ae898c906f78f53a6aee7742be68df3afda2c1091b657dc
- SSDEEP
  
  48:+8hWzd7+704tIrEgrGhUzKGCdL0XGnkfy8HU9/E5lt/Txd4ObnyR9SOpsS9x4xV:bM+LtIQKGhmCJLnAy8s/ELVTxTI8O5w
Score

8^/10

adware discovery persistence stealer upx
- Blocklisted process makes network request
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoverypersistencestealerupx

© 2018-2024

Terms | Privacy