General

  • Target

    10eb0ab4050d319f7fd371b6fab2f1ff.exe

  • Size

    98KB

  • Sample

    240105-n6bpwacdf3

  • MD5

    10eb0ab4050d319f7fd371b6fab2f1ff

  • SHA1

    1048f53cbe37e53cbdd92dcaa352af39bfe83682

  • SHA256

    a322e11987258bace7e088fb9d895e8ff24e8ea301c6757c82986fdc68a752a7

  • SHA512

    86bde4d0de01499e7b52b80f2e9c123c11a6c86010311310a5380ae0a12020f7e0f3e1efe89d7b849ee6b250228ee880874ca0cd57f858d8957e7bcf168b9d2e

  • SSDEEP

    3072:Ynr+fLImtvjIiJHiVGAOqkpyaRxb3uchKA6xfaa3p0Ea:Yr+MmtvMwCV1OqMy2xb3pH6ca3W

Targets

    • Target

      10eb0ab4050d319f7fd371b6fab2f1ff.exe

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether to run on this machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins at startup, so a registered BHO runs inside the browser process and survives reboots.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
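
The behaviours above are signature names the sandbox assigns from the sample's registry and file activity. The script below is an added example, not part of the Triage report and not the sandbox's own rule engine: it maps constructed, pipe-delimited event lines (kind|path, modelled loosely on Sysmon registry and file-create events) to the same behaviour names using the standard Windows locations for Run keys, Browser Helper Objects, the SharedAccess firewall policy, the GeoID value under Control Panel\International\Geo\Nation, and System32. The log format, the event lines and the hypothetical file/value names are all constructed for the example. API-level behaviours in the list (SetThreadContext, executing or loading dropped files) are not covered by path matching and would need call-trace data.

```python
"""Classify constructed sandbox-style events into the behaviour names used above.

Added example, not the sandbox's own implementation. Event format (constructed):
    <kind>|<path>   where kind is RegSetValue, RegQueryValue or FileCreate.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Event:
    kind: str   # RegSetValue | RegQueryValue | FileCreate
    path: str   # registry key/value path or file path


# (behaviour name, required event kind, case-insensitive regex on the path)
# Registry locations are the standard Windows ones; the regexes are my own.
RULES: List[Tuple[str, str, str]] = [
    # Persistence via HKLM/HKCU ...\CurrentVersion\Run or RunOnce.
    # The trailing backslash stops e.g. Explorer\RunMRU (benign history) matching.
    ("Adds Run key to start application", "RegSetValue",
     r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    # BHO registration: a CLSID subkey under Explorer\Browser Helper Objects.
    ("Installs/modifies Browser Helper Object", "RegSetValue",
     r"\\Explorer\\Browser Helper Objects\\\{[0-9A-F-]{36}\}"),
    # Windows Firewall policy lives under the SharedAccess service key.
    ("Modifies firewall policy service", "RegSetValue",
     r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\"),
    # GeoID of the configured location; reading it is the usual geofence check.
    ("Checks computer location settings", "RegQueryValue",
     r"\\Control Panel\\International\\Geo\\Nation$"),
    # Any file created directly under %SystemRoot%\System32 (any subfolder).
    ("Drops file in System32 directory", "FileCreate",
     r"^[A-Z]:\\Windows\\System32\\"),
]


def parse_line(line: str) -> Event:
    """Split one constructed 'kind|path' line into an Event."""
    kind, path = line.split("|", 1)
    return Event(kind.strip(), path.strip())


def classify(events: Iterable[Event]) -> List[str]:
    """Return the sorted set of behaviour names triggered by the events."""
    hits = set()
    for ev in events:
        for name, kind, pattern in RULES:
            if ev.kind == kind and re.search(pattern, ev.path, re.IGNORECASE):
                hits.add(name)
    return sorted(hits)


def analyze(log_text: str) -> List[str]:
    """Parse a block of event lines and classify them."""
    lines = (l for l in log_text.strip().splitlines() if l.strip())
    return classify(parse_line(l) for l in lines)


# Constructed sample events (value and file names are hypothetical).
SAMPLE_LOG = r"""
RegSetValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost32
RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a
RegSetValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27CDB6E-AE6D-11CF-96B8-444553540000}\NoExplorer
RegSetValue|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
RegQueryValue|HKCU\Control Panel\International\Geo\Nation
FileCreate|C:\Windows\System32\drivers\etc\hosts.bak
FileCreate|C:\Users\Public\readme.txt
"""

if __name__ == "__main__":
    for behaviour in analyze(SAMPLE_LOG):
        print(behaviour)
```

The RunMRU line and the file under C:\Users\Public are there on purpose: they share prefixes with the monitored locations but must not fire, which is why the Run-key regex requires the backslash after Run/RunOnce and the System32 rule is anchored to the drive root.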

MITRE ATT&CK Enterprise v15
