2eae05384145e4972a950c0cec33561c0a4d231d33e6e7b93a6238bd84a6cb5d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3fcdc10dcd82f7278a78a081aafa274c
Size

207KB
Sample

240104-d8sq3agben
MD5

3fcdc10dcd82f7278a78a081aafa274c
SHA1

1e72caa387ce0e1e06c236a8855b96c9e14bdb0a
SHA256

2eae05384145e4972a950c0cec33561c0a4d231d33e6e7b93a6238bd84a6cb5d
SHA512

9cd003f45da3edd4e64b02c385e4c536d22b50a059085d804113f8ebf71d8ab6bab87d114a7f3248748101517f04ea589edd872b950e49bcc31b4643bfeb0605
SSDEEP

6144:gTrPN4AfgR0ING/FGdP8LpUCsaXYycPsJ3rIFr2bwrF:gTrPN4yING/FkELds2YrsJnM

Score

7^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  3fcdc10dcd82f7278a78a081aafa274c
- Size
  
  207KB
- MD5
  
  3fcdc10dcd82f7278a78a081aafa274c
- SHA1
  
  1e72caa387ce0e1e06c236a8855b96c9e14bdb0a
- SHA256
  
  2eae05384145e4972a950c0cec33561c0a4d231d33e6e7b93a6238bd84a6cb5d
- SHA512
  
  9cd003f45da3edd4e64b02c385e4c536d22b50a059085d804113f8ebf71d8ab6bab87d114a7f3248748101517f04ea589edd872b950e49bcc31b4643bfeb0605
- SSDEEP
  
  6144:gTrPN4AfgR0ING/FGdP8LpUCsaXYycPsJ3rIFr2bwrF:gTrPN4yING/FkELds2YrsJnM
Score

7^/10

adware persistence stealer
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer