12ba8a583fb035e61f45e7ad2b9986a84ae8c4e0e77e7770e7d86a2f7fc68e04 | Triage

Sharing

General

Target

6a2442a4fb891753552346218815bc47
Size

256KB
Sample

231226-ndjvsabhcq
MD5

6a2442a4fb891753552346218815bc47
SHA1

ebd1f02cbe8eaceb7d5065ff6aee59dee7e63645
SHA256

12ba8a583fb035e61f45e7ad2b9986a84ae8c4e0e77e7770e7d86a2f7fc68e04
SHA512

60ba1b1e75d0e323bb48a83f6b51aa2026d8f2d7def67fd8c7c7697dd23cc553f2660c6258e74e9cc6dd33ff432b8c0b2e2302659582400b0c12be4ba86184a7
SSDEEP

3072:mEO9K3Cmp5z9VtzdDfFbESg5YT9o/etIyAylfFoVBL:mRBmp5zPDDVESg5YTC/etIBycB

Score

10^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  6a2442a4fb891753552346218815bc47
- Size
  
  256KB
- MD5
  
  6a2442a4fb891753552346218815bc47
- SHA1
  
  ebd1f02cbe8eaceb7d5065ff6aee59dee7e63645
- SHA256
  
  12ba8a583fb035e61f45e7ad2b9986a84ae8c4e0e77e7770e7d86a2f7fc68e04
- SHA512
  
  60ba1b1e75d0e323bb48a83f6b51aa2026d8f2d7def67fd8c7c7697dd23cc553f2660c6258e74e9cc6dd33ff432b8c0b2e2302659582400b0c12be4ba86184a7
- SSDEEP
  
  3072:mEO9K3Cmp5z9VtzdDfFbESg5YT9o/etIyAylfFoVBL:mRBmp5zPDDVESg5YTC/etIBycB
Score

10^/10

adware persistence stealer
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2