75f76a90bc450781f179e4aeedb7d7a0f35815a9629c4def937496a517236baf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55634b080e1ce397d516a5f5a03d903c
Size

244KB
Sample

240112-d8b4baeha5
MD5

55634b080e1ce397d516a5f5a03d903c
SHA1

1e422fe68928bb036f2b8efe3bc793dffecd6f59
SHA256

75f76a90bc450781f179e4aeedb7d7a0f35815a9629c4def937496a517236baf
SHA512

c8eedbcf7e34586fd788e5a65a113357cb1c1309b2d115aa821668052231f1880215c4afe779acbf1998e734d0df6dabc79dc3e4324be120a08e2e8484d11717
SSDEEP

3072:1wJIGQRyuFDbHMXPDD9lds4i1jpq49DnQ5fHOtPgViI:1LGQRyutbH6zdy1jpq49nmfHOtP6iI

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  55634b080e1ce397d516a5f5a03d903c
- Size
  
  244KB
- MD5
  
  55634b080e1ce397d516a5f5a03d903c
- SHA1
  
  1e422fe68928bb036f2b8efe3bc793dffecd6f59
- SHA256
  
  75f76a90bc450781f179e4aeedb7d7a0f35815a9629c4def937496a517236baf
- SHA512
  
  c8eedbcf7e34586fd788e5a65a113357cb1c1309b2d115aa821668052231f1880215c4afe779acbf1998e734d0df6dabc79dc3e4324be120a08e2e8484d11717
- SSDEEP
  
  3072:1wJIGQRyuFDbHMXPDD9lds4i1jpq49DnQ5fHOtPgViI:1LGQRyutbH6zdy1jpq49nmfHOtP6iI
Score

8^/10

adware persistence stealer
- Sets DLL path for service in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2