eafcb14dab104c519f6d2e878b5e14f1211923d616c8a8dc39eb9163d6b97eb2 | Triage

Sharing

General

Target

0b89957af7c903f086fb8d69edb362d5
Size

244KB
Sample

231230-cvndraeac7
MD5

0b89957af7c903f086fb8d69edb362d5
SHA1

56b4b9bf0f97b79848ea4ee9d3a65b5bd5d7a815
SHA256

eafcb14dab104c519f6d2e878b5e14f1211923d616c8a8dc39eb9163d6b97eb2
SHA512

4b4297106ef3b693df51fa30e23d449e9463f4e477a66feee0b41b8404bcb68874934ef1694a6bfbbc117f9869f02fe60cb4023b394718b4c677439be644471a
SSDEEP

3072:MwJIZSyn/pqXjzFf07VaEnXwroEqx+RINHDcWEwXGP7yq0bxS0nz5Q+DKpYrFD:MLsH50TXOq4RIFE/Dj09S25Q+DKyrFD

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  0b89957af7c903f086fb8d69edb362d5
- Size
  
  244KB
- MD5
  
  0b89957af7c903f086fb8d69edb362d5
- SHA1
  
  56b4b9bf0f97b79848ea4ee9d3a65b5bd5d7a815
- SHA256
  
  eafcb14dab104c519f6d2e878b5e14f1211923d616c8a8dc39eb9163d6b97eb2
- SHA512
  
  4b4297106ef3b693df51fa30e23d449e9463f4e477a66feee0b41b8404bcb68874934ef1694a6bfbbc117f9869f02fe60cb4023b394718b4c677439be644471a
- SSDEEP
  
  3072:MwJIZSyn/pqXjzFf07VaEnXwroEqx+RINHDcWEwXGP7yq0bxS0nz5Q+DKpYrFD:MLsH50TXOq4RIFE/Dj09S25Q+DKyrFD
Score

8^/10

adware persistence stealer
- Sets DLL path for service in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer