11f63ad75157ab905a8e59534b8b1c803a61eb96d1ff3617df45da869fb39393 | Triage

Submit
Reports

Overview

overview

Static

static

7

NEAS.53281...90.exe

windows7-x64

NEAS.53281...90.exe

windows10-2004-x64

Sharing

General

Target

NEAS.532811910ae08a090e8197e81ac37390.exe
Size

805KB
Sample

231118-f4j98scf7z
MD5

532811910ae08a090e8197e81ac37390
SHA1

90de4325c688fa86147fd90216ecbcbcf76277c4
SHA256

11f63ad75157ab905a8e59534b8b1c803a61eb96d1ff3617df45da869fb39393
SHA512

bb492abad1a5b3b271f0053b64aff22a7bf1ea46c623652bb6ada87a95fc41fe3d9aec93bc88c7df8d66a28edb3816a2a1570858d41b13700ae9870cc220d4bc
SSDEEP

24576:T+SlOaRgfVYVelNpyh8eeeePp6f2HlnNceeeJ:qSUfVYVelNcKeeeeu2HlneeeeJ

Score

10^/10

adware persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NEAS.532811910ae08a090e8197e81ac37390.exe

Resource

win7-20231023-en

adware persistence stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.532811910ae08a090e8197e81ac37390.exe

Resource

win10v2004-20231023-en

adware persistence stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.532811910ae08a090e8197e81ac37390.exe
- Size
  
  805KB
- MD5
  
  532811910ae08a090e8197e81ac37390
- SHA1
  
  90de4325c688fa86147fd90216ecbcbcf76277c4
- SHA256
  
  11f63ad75157ab905a8e59534b8b1c803a61eb96d1ff3617df45da869fb39393
- SHA512
  
  bb492abad1a5b3b271f0053b64aff22a7bf1ea46c623652bb6ada87a95fc41fe3d9aec93bc88c7df8d66a28edb3816a2a1570858d41b13700ae9870cc220d4bc
- SSDEEP
  
  24576:T+SlOaRgfVYVelNpyh8eeeePp6f2HlnNceeeJ:qSUfVYVelNcKeeeeu2HlneeeeJ
Score

10^/10

adware persistence stealer upx
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Browser Extensions

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2025

Terms | Privacy