6528240804ba7ed158b7559a71067b46b68d5485414b3191a391b8dcdf7a35a4 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

IMG_202401...07.jpg

windows7-x64

3

IMG_202401...07.jpg

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

IMG_20240131_120707.jpg
Size

141KB
Sample

240213-yv9gwagg7z
MD5

26763071caffd24ee6b4fe0c190934ff
SHA1

d82dc97458a41994c6258fcd6814e99548b9aa7e
SHA256

6528240804ba7ed158b7559a71067b46b68d5485414b3191a391b8dcdf7a35a4
SHA512

9a87b9d898c25b34413f5e2c6f075663be5f0bd4197e3675b1d52d6553f015c935142282bafb00061f2a574cb57337e2de86d1199fbaf658a1986ff0d5d8f974
SSDEEP

3072:/IH06NZbtTMAAtzflUsZGR8Qf9VRjq67i52j7LwVWWLTY:0ZbtTMBtfB8R8QvRjhhcVhY

Score

8^/10

adware discovery evasion persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

IMG_20240131_120707.jpg

Resource

win7-20231215-en

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral2

Sample

IMG_20240131_120707.jpg

Resource

win10v2004-20231215-en

adware discovery evasion persistence stealer trojan

windows10-2004-x64

32 signatures

1800 seconds

Malware Config

Targets

- Target
  
  IMG_20240131_120707.jpg
- Size
  
  141KB
- MD5
  
  26763071caffd24ee6b4fe0c190934ff
- SHA1
  
  d82dc97458a41994c6258fcd6814e99548b9aa7e
- SHA256
  
  6528240804ba7ed158b7559a71067b46b68d5485414b3191a391b8dcdf7a35a4
- SHA512
  
  9a87b9d898c25b34413f5e2c6f075663be5f0bd4197e3675b1d52d6553f015c935142282bafb00061f2a574cb57337e2de86d1199fbaf658a1986ff0d5d8f974
- SSDEEP
  
  3072:/IH06NZbtTMAAtzflUsZGR8Qf9VRjq67i52j7LwVWWLTY:0ZbtTMBtfB8R8QvRjhhcVhY
Score

8^/10

adware discovery evasion persistence stealer trojan
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoveryevasionpersistencestealertrojan

© 2018-2025

Terms | Privacy