8662964a0c03e181d3a7cd58824a4367a4e970f333d693a995af83bada214c05 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

MultiMC/MultiMC.exe

windows10-2004-x64

8

Resubmissions

12-03-2023 18:56

230312-xlck4sha4y 1

12-03-2023 18:50

230312-xhe7tseh92 1

12-03-2023 18:19

230312-wycafaeh35 8

Sharing

General

Target

mmc-develop-win32.zip
Size

13.5MB
Sample

230312-wycafaeh35
MD5

745992832e9b94949f51a476add8264b
SHA1

4d11cd2b81cc6c456f29cf44ed54cc911f53c37b
SHA256

8662964a0c03e181d3a7cd58824a4367a4e970f333d693a995af83bada214c05
SHA512

0925c87cc6243741ba7681b39d0173b64137fa2b94a33a82943c4c00c5737910792f6a48b1d1dc00a0e8bf2647447316c002b500d0ebaaa53a758ff678d04706
SSDEEP

393216:Wy/mqGxGVinAqB81lhubAyC6F81qYo9rI:Wy/mHxGq8PhubvP81ql5I

Score

8^/10

adware persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

MultiMC/MultiMC.exe

Resource

win10v2004-20230220-en

adware persistence stealer

windows10-2004-x64

25 signatures

300 seconds

Malware Config

Targets

- Target
  
  MultiMC/MultiMC.exe
- Size
  
  8.8MB
- MD5
  
  38c782c12952ecaeb3af973a7338790d
- SHA1
  
  3167c8152fde81d9b3aebbb41d38a607ba5b48b7
- SHA256
  
  4fc7abd9769e631fe1831b8b0da7b924322b77fee774dba6c5d0ccf6f69242f4
- SHA512
  
  e72b69bee5cf6ca2c45d8b84f128126dd1c81f03e7dfae4d03e3d906f79bb7e1f9ecad6030e4447783657e59c75017df72f590ca786edcfd2996c88345542a1a
- SSDEEP
  
  196608:LjeHzMAqhnF5SdEy/vgiBkxqSdXh9NWompJIwFsBEeVgVvV3rABVLVVkNWV+O8VU:OHOer/vAUpyRVgVvV3rABVLVVkNWV+On
Score

8^/10

adware persistence stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

© 2018-2024

Terms | Privacy