bd2234a31a15f31b0afd9ed6db59767482c4236db557e58f6f7fb2f92b88fb8c | Triage

Sharing

General

Target

087a8101d38fa364ddf1b2c248494788
Size

696KB
Sample

231225-gav1bagael
MD5

087a8101d38fa364ddf1b2c248494788
SHA1

479e880862dd54d7d45145208dba3c2a494fab52
SHA256

bd2234a31a15f31b0afd9ed6db59767482c4236db557e58f6f7fb2f92b88fb8c
SHA512

2d9249405bf4f5e69f3610e5a109450cc56c8fe75e5aad919393ff1d96ef4571bfd60d9f16151738eb1b0f60b1d14f768407df047d812336f2076ea2f85bccf2
SSDEEP

12288:nwYrzpGLVyD/E23EDF5l8gVCtfad1Fi9OgJPFj8HwuRrM8b+6QSTccnxXo:wAzpWEf0DFEgEtSd1I9zJtj8HwutMhi8

Score

7^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  087a8101d38fa364ddf1b2c248494788
- Size
  
  696KB
- MD5
  
  087a8101d38fa364ddf1b2c248494788
- SHA1
  
  479e880862dd54d7d45145208dba3c2a494fab52
- SHA256
  
  bd2234a31a15f31b0afd9ed6db59767482c4236db557e58f6f7fb2f92b88fb8c
- SHA512
  
  2d9249405bf4f5e69f3610e5a109450cc56c8fe75e5aad919393ff1d96ef4571bfd60d9f16151738eb1b0f60b1d14f768407df047d812336f2076ea2f85bccf2
- SSDEEP
  
  12288:nwYrzpGLVyD/E23EDF5l8gVCtfad1Fi9OgJPFj8HwuRrM8b+6QSTccnxXo:wAzpWEf0DFEgEtSd1I9zJtj8HwutMhi8
Score

7^/10

adware persistence stealer
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer