6959f960cf3bf083d2e24068fc1841c81245352554d4ab53b65d826284ce2688 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

INSTALL ENG.cmd

windows10-2004-x64

8

Sharing

General

Target

Internet.Download.Manager.v6.41.11.zip
Size

9.1MB
Sample

230407-z32yfaaf43
MD5

e838f09d3401517d01de33f530676738
SHA1

b49022949c626888fd042e21cb3a7319b24b3a70
SHA256

6959f960cf3bf083d2e24068fc1841c81245352554d4ab53b65d826284ce2688
SHA512

3a76921578eb2d38d89d891788d0524200315484b178a447b53d59a1e4ffe88c8b776a463841c3708b2ea9f5de9a928909119e8950bd8a7d8ee662d4a4a017af
SSDEEP

196608:AAy6Zc5yoGe27Do1k7/P7jIibggbdaQprJtgVZ/qo4BK9O/Q8:dy3yLDr7gibggZaQ9IVVd5z8

Score

8^/10

adware evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

INSTALL ENG.cmd

Resource

win10v2004-20230220-es

adware evasion persistence spyware stealer trojan

windows10-2004-x64

33 signatures

300 seconds

Malware Config

Targets

- Target
  
  INSTALL ENG.cmd
- Size
  
  751B
- MD5
  
  75accb18a47d2bf8ee2cd3cfd2a9dc6b
- SHA1
  
  319273931655601a8c54956349210ca965382f5c
- SHA256
  
  1bce452e7f8623bfce7d42d2ae3f7e619709f6ed4ae51f30d810a48e6323a7d0
- SHA512
  
  13d547854e810a126e8abe9cbc728e7db224c62cabda743d40765fbc1af2f3b9a615b373fda045adb8c9f2a1b2e72ce488d40304a6e09027317617bd2592cd86
Score

8^/10

adware evasion persistence spyware stealer trojan
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwareevasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy