Overview

overview

7

Static

static

3

ca0ff44f47...22.exe

windows7-x64

7

ca0ff44f47...22.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca0ff44f47b00dbfc080ae80e771dc22

  • Size

    247KB

  • Sample

    240315-a56xqscc71

  • MD5

    ca0ff44f47b00dbfc080ae80e771dc22

  • SHA1

    3c8fe64d5f205e455da73e2dfce9e3ed1de52bc7

  • SHA256

    7cf2788cdd29eea91f2772d7b8c24fb8fc68aa61b9625c10230571758a9eb583

  • SHA512

    c9d01e903d2455f616c991a03f4dfc760d2fbd854b78a0ab94d15277ac153766442cc286b8b19217cd9cb38b53b82f1ece6432effcae98dabf1f00a6d8ac8c67

  • SSDEEP

    6144:SY94NATSZI1R1RzLXjP1HouXCEHujqpUu3wz:R9OAWGHLjjpou1HujqpZe

Score
7/10
adwarepersistencestealer

Malware Config

Targets

    • Target

      ca0ff44f47b00dbfc080ae80e771dc22

    • Size

      247KB

    • MD5

      ca0ff44f47b00dbfc080ae80e771dc22

    • SHA1

      3c8fe64d5f205e455da73e2dfce9e3ed1de52bc7

    • SHA256

      7cf2788cdd29eea91f2772d7b8c24fb8fc68aa61b9625c10230571758a9eb583

    • SHA512

      c9d01e903d2455f616c991a03f4dfc760d2fbd854b78a0ab94d15277ac153766442cc286b8b19217cd9cb38b53b82f1ece6432effcae98dabf1f00a6d8ac8c67

    • SSDEEP

      6144:SY94NATSZI1R1RzLXjP1HouXCEHujqpUu3wz:R9OAWGHLjjpou1HujqpZe

    Score
    7/10
    adwarepersistencestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks