892043f3b79d937ac74943bee419135aaf64370b627313c4efd0919bcdbace62 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

KernelOS21H2 (2).bat

windows7-x64

1

KernelOS21H2 (2).bat

windows10-2004-x64

Sharing

General

Target

KernelOS21H2 (2).bat
Size

38KB
Sample

230324-k3vrssfd8x
MD5

b2c39c94a67e89dc4a633889f0575650
SHA1

e8dc50ebfb34dfef62a83b328e4e5f61e6bc3a49
SHA256

892043f3b79d937ac74943bee419135aaf64370b627313c4efd0919bcdbace62
SHA512

7222655c44c39101c863ca95d862072abcd3c0eb28944301bb8c256f25bdb103d841df63f7af9d473656e8fa22985ba7fb9f80870abae55bf7a24ac5bba4799f
SSDEEP

768:+TOLfw09oGDbfrdAUY5eCNldf2BWt9vOjfEv+/ZcbXmB9ofdfv3h8f+q1wqk:iku

Score

9^/10

adware evasion persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

KernelOS21H2 (2).bat

Resource

win7-20230220-en

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

KernelOS21H2 (2).bat

Resource

win10v2004-20230220-en

adware evasion persistence stealer

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Targets

- Target
  
  KernelOS21H2 (2).bat
- Size
  
  38KB
- MD5
  
  b2c39c94a67e89dc4a633889f0575650
- SHA1
  
  e8dc50ebfb34dfef62a83b328e4e5f61e6bc3a49
- SHA256
  
  892043f3b79d937ac74943bee419135aaf64370b627313c4efd0919bcdbace62
- SHA512
  
  7222655c44c39101c863ca95d862072abcd3c0eb28944301bb8c256f25bdb103d841df63f7af9d473656e8fa22985ba7fb9f80870abae55bf7a24ac5bba4799f
- SSDEEP
  
  768:+TOLfw09oGDbfrdAUY5eCNldf2BWt9vOjfEv+/ZcbXmB9ofdfv3h8f+q1wqk:iku
Score

9^/10

adware evasion persistence stealer
- Modifies boot configuration data using bcdedit
- Modifies Installed Components in the registry
  persistence
- Stops running service(s)
  evasion
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Modify Existing Service

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Impair Defenses

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

adwareevasionpersistencestealer

© 2018-2024

Terms | Privacy