d644b0d6ac1a29293dc2c4e47a56e94e14752272c1caafe850b2bb7a92d7568d | Triage

Submit
Reports

Overview

overview

8

Static

static

3

8f7617b0e5...d0.exe

windows7-x64

7

8f7617b0e5...d0.exe

windows10-2004-x64

8

Sharing

General

Target

8f7617b0e58d8baf0c07b4f889a88cd0
Size

43KB
Sample

240204-sgknpsegap
MD5

8f7617b0e58d8baf0c07b4f889a88cd0
SHA1

9f548a54af9e49ac0b5b41aeabddd39921253f4a
SHA256

d644b0d6ac1a29293dc2c4e47a56e94e14752272c1caafe850b2bb7a92d7568d
SHA512

48aeb5a6e2b356d0152de80eeb0cf1778617546abf42a9a9dbee4ff4d5277fedb7c844d115ecd9c0c55f36548101029370bb97804ead684351d87f3b7170d5aa
SSDEEP

768:ke9tQ7pPcYq8DpyRGX/lx4juUhDo2x4kfuBaGtymH/yLSCzMUx:j4kYq8cwXfkfh+kfOa3g4rx

Score

8^/10

adware persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8f7617b0e58d8baf0c07b4f889a88cd0.exe

Resource

win7-20231215-en

adware stealer upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f7617b0e58d8baf0c07b4f889a88cd0.exe

Resource

win10v2004-20231215-en

adware persistence stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  8f7617b0e58d8baf0c07b4f889a88cd0
- Size
  
  43KB
- MD5
  
  8f7617b0e58d8baf0c07b4f889a88cd0
- SHA1
  
  9f548a54af9e49ac0b5b41aeabddd39921253f4a
- SHA256
  
  d644b0d6ac1a29293dc2c4e47a56e94e14752272c1caafe850b2bb7a92d7568d
- SHA512
  
  48aeb5a6e2b356d0152de80eeb0cf1778617546abf42a9a9dbee4ff4d5277fedb7c844d115ecd9c0c55f36548101029370bb97804ead684351d87f3b7170d5aa
- SSDEEP
  
  768:ke9tQ7pPcYq8DpyRGX/lx4juUhDo2x4kfuBaGtymH/yLSCzMUx:j4kYq8cwXfkfh+kfOa3g4rx
Score

8^/10

adware stealer upx persistence
- Modifies Installed Components in the registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2024

Terms | Privacy