f21353e4a527dd03b2c5feac9e4d21c5cbb657be026095d9a6cb32c34a0a94ce | Triage

Sharing

General

Target

a1b14b73897c12825d4d994e9a817140
Size

2.7MB
Sample

240224-m1zzvaae4x
MD5

a1b14b73897c12825d4d994e9a817140
SHA1

4e910b049638d6ad8aaf90832336c6c0a2cb48f0
SHA256

f21353e4a527dd03b2c5feac9e4d21c5cbb657be026095d9a6cb32c34a0a94ce
SHA512

71bed6b79dbdfb85b692c09def3f17f9dc0f3c20825dad5ab2427f452e94372aee402cadcacc0a9e70ad51e9f6aaba314309b04c540e3608d81bf22e8f583de8
SSDEEP

49152:6QgA7wy45ejW+0VmC9JXHnIYFFpI1vBhTodumyjJOjFzK:6Qg4w7GW+0VmC9JXHIYfkvBhTodumyjt

Score

7^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  a1b14b73897c12825d4d994e9a817140
- Size
  
  2.7MB
- MD5
  
  a1b14b73897c12825d4d994e9a817140
- SHA1
  
  4e910b049638d6ad8aaf90832336c6c0a2cb48f0
- SHA256
  
  f21353e4a527dd03b2c5feac9e4d21c5cbb657be026095d9a6cb32c34a0a94ce
- SHA512
  
  71bed6b79dbdfb85b692c09def3f17f9dc0f3c20825dad5ab2427f452e94372aee402cadcacc0a9e70ad51e9f6aaba314309b04c540e3608d81bf22e8f583de8
- SSDEEP
  
  49152:6QgA7wy45ejW+0VmC9JXHnIYFFpI1vBhTodumyjJOjFzK:6Qg4w7GW+0VmC9JXHIYfkvBhTodumyjt
Score

7^/10

adware discovery persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer