cb7f3582d62719ea87d4ec30a44765f495edd85a5ea92916b16d373b08ce9189 | Triage

Sharing

General

Target

bf68377bf9d4040730e358df91d73fcf
Size

111KB
Sample

240311-a6s29sgb4s
MD5

bf68377bf9d4040730e358df91d73fcf
SHA1

212073d2e1094b7f07a3e6daf1b09ebcf15710a9
SHA256

cb7f3582d62719ea87d4ec30a44765f495edd85a5ea92916b16d373b08ce9189
SHA512

763dba98ea883b12ce8ccbe8fdaef33880f1d040ec6e05f7dfbda97b3b05132c9761f69595bbff1d1017bc1565bad9bef791aa9effb23f96c54d0dd4942763bc
SSDEEP

3072:3xzuS4uw/BdhYTyPHIgcPmYpnVU2rFa2R60La77e:3k6w/BMTyPKmYNVU2BNLa3e

Score

10^/10

adware evasion stealer

Malware Config

Targets

- Target
  
  bf68377bf9d4040730e358df91d73fcf
- Size
  
  111KB
- MD5
  
  bf68377bf9d4040730e358df91d73fcf
- SHA1
  
  212073d2e1094b7f07a3e6daf1b09ebcf15710a9
- SHA256
  
  cb7f3582d62719ea87d4ec30a44765f495edd85a5ea92916b16d373b08ce9189
- SHA512
  
  763dba98ea883b12ce8ccbe8fdaef33880f1d040ec6e05f7dfbda97b3b05132c9761f69595bbff1d1017bc1565bad9bef791aa9effb23f96c54d0dd4942763bc
- SSDEEP
  
  3072:3xzuS4uw/BdhYTyPHIgcPmYpnVU2rFa2R60La77e:3k6w/BMTyPKmYNVU2BNLa3e
Score

10^/10

adware evasion stealer
- Modifies firewall policy service
  evasion
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwareevasionstealer

behavioral2

adwareevasionstealer