cfe1db58d45cd01cf2362e48cd09c2f1a9d7a60b0ede7d6a7eb3c11bc33bfb1a | Triage

Submit
Reports

Overview

overview

8

Static

static

3

08f5d1a05d...6c.exe

windows7-x64

8

08f5d1a05d...6c.exe

windows10-2004-x64

8

Sharing

General

Target

08f5d1a05d860f1fffe51c04ff266f6c
Size

24KB
Sample

231224-v9d3qsaegr
MD5

08f5d1a05d860f1fffe51c04ff266f6c
SHA1

103d0d83cc61950abd9a165fb5c11e95c0128cf4
SHA256

cfe1db58d45cd01cf2362e48cd09c2f1a9d7a60b0ede7d6a7eb3c11bc33bfb1a
SHA512

6c10806f745238ed3d2373849ba9216116cc3a85e0f41a092ee616a1b4e93e3fa37140259ff53e2e1d4807f7b8efb981201acb3248b9729d7c7d2415c43812f4
SSDEEP

768:UbygN8hKoVctW0c+LY2U3XcxyyHTC0epVUtmg:9cqrVio0Ydjyr13

Score

8^/10

adware discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

08f5d1a05d860f1fffe51c04ff266f6c.exe

Resource

win7-20231129-en

adware discovery stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

08f5d1a05d860f1fffe51c04ff266f6c.exe

Resource

win10v2004-20231215-en

adware discovery stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  08f5d1a05d860f1fffe51c04ff266f6c
- Size
  
  24KB
- MD5
  
  08f5d1a05d860f1fffe51c04ff266f6c
- SHA1
  
  103d0d83cc61950abd9a165fb5c11e95c0128cf4
- SHA256
  
  cfe1db58d45cd01cf2362e48cd09c2f1a9d7a60b0ede7d6a7eb3c11bc33bfb1a
- SHA512
  
  6c10806f745238ed3d2373849ba9216116cc3a85e0f41a092ee616a1b4e93e3fa37140259ff53e2e1d4807f7b8efb981201acb3248b9729d7c7d2415c43812f4
- SSDEEP
  
  768:UbygN8hKoVctW0c+LY2U3XcxyyHTC0epVUtmg:9cqrVio0Ydjyr13
Score

8^/10

adware discovery stealer
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer

© 2018-2024

Terms | Privacy