c3a57a65c497d8879be2951597f2a4305af9f0315f4a8d4d88acc3c6bc60a78a | Triage

Submit
Reports

Overview

overview

7

Static

static

1

05bcad0109...d0.exe

windows7-x64

7

05bcad0109...d0.exe

windows10-2004-x64

7

Sharing

General

Target

9563150745.zip
Size

2.3MB
Sample

230316-sr8hhsdg6z
MD5

fba435bd41db72fca59604181947cf20
SHA1

6cac7840e736aca3a119cfd91ae40bb4c5419f82
SHA256

c3a57a65c497d8879be2951597f2a4305af9f0315f4a8d4d88acc3c6bc60a78a
SHA512

c47fa05005241608084106b59e09a05e0d07000b55e7e19c15e345858866e30344bdd3e89bac31a780a88efe49b529a5740f0d2c033acacc9ee6b264ef10b3c4
SSDEEP

49152:mtbKkKNDQlcal+9adwMYFIzHx+LH82SzrzjCGGKuuC2s152:8uk9ca004Bcf/wKA152

Score

7^/10

adware persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

05bcad0109788d76c1f9a199baad13c78352661dbf10c22dc99db2c9bdc216d0.exe

Resource

win7-20230220-en

adware persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

05bcad0109788d76c1f9a199baad13c78352661dbf10c22dc99db2c9bdc216d0.exe

Resource

win10v2004-20230220-en

adware persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  05bcad0109788d76c1f9a199baad13c78352661dbf10c22dc99db2c9bdc216d0
- Size
  
  5.4MB
- MD5
  
  d56a09aa4c061c9125c5871dd8ab19b2
- SHA1
  
  dfe1a0fbe3f7ff7cdebc5b5e51e860b5ee60440f
- SHA256
  
  05bcad0109788d76c1f9a199baad13c78352661dbf10c22dc99db2c9bdc216d0
- SHA512
  
  674038097546434ffc5832962e0c05efdf6e1277cede6d5fb4ba44445dc72a85b7738b0f958b458d22beb8fe2f6fc6ad7c5aed182c56a1caabf908439e2283a0
- SSDEEP
  
  98304:CEwQXyX2kHK5mi8P4+18frP3wbzWFimaI7dlZ:CE3XyXhHKQkgbzWFimaI7dl
Score

7^/10

adware persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarepersistencespywarestealer

behavioral2

adwarepersistencespywarestealer

© 2018-2024

Terms | Privacy