054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa | Triage

Sharing

General

Target

054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa.exe
Size

404KB
Sample

230314-ee283sfc6t
MD5

31a46564145f167c90cde7221904df31
SHA1

d9021f000b203d37a13ca3b6eae037b7c2817b9e
SHA256

054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa
SHA512

1bb4a784a41ce3cb3be59e3fba6b68617a396c542d870c750117573d4774b581dc72b821a4976e2199582cac455b10ff930561fae304545acc9f8879439da400
SSDEEP

6144:rwTOAkRjUmqjDtFQHo7l37jaxIZm8ezKMH0Q4exxrp7Myuuh/Wr0LRU:0TOAkRj7IqoRHaxYmzzxrFdLh/20tU

Score

10^/10

adware discovery evasion stealer

Malware Config

Targets

- Target
  
  054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa.exe
- Size
  
  404KB
- MD5
  
  31a46564145f167c90cde7221904df31
- SHA1
  
  d9021f000b203d37a13ca3b6eae037b7c2817b9e
- SHA256
  
  054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa
- SHA512
  
  1bb4a784a41ce3cb3be59e3fba6b68617a396c542d870c750117573d4774b581dc72b821a4976e2199582cac455b10ff930561fae304545acc9f8879439da400
- SSDEEP
  
  6144:rwTOAkRjUmqjDtFQHo7l37jaxIZm8ezKMH0Q4exxrp7Myuuh/Wr0LRU:0TOAkRj7IqoRHaxYmzzxrFdLh/20tU
Score

10^/10

adware discovery stealer evasion
- Modifies firewall policy service
  evasion
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoveryevasionstealer