16ffc20967f73bd4ff0229972cb7732589f2fd96336505bdb25544cfa0912844 | Triage

Sharing

General

Target

cd9e021b58de5ccc6a2fbbe41b0a2bab
Size

104KB
Sample

240316-kppnmafe8w
MD5

cd9e021b58de5ccc6a2fbbe41b0a2bab
SHA1

9db7e920c7cc4eb539b0d1ef97582700d34cd512
SHA256

16ffc20967f73bd4ff0229972cb7732589f2fd96336505bdb25544cfa0912844
SHA512

ef8ce8b51ea8e95aa44730ffd379f51d5cc8065b27d785d2a439244dc1816a4e7465728bd69536481a3323cecffa1acf47c00261c0c85ab0b1a5527e297d341c
SSDEEP

1536:9yVOmTBYa0XkuDkxP4P2g9iB0orjaJLtgb:8dpckuDkxP4Hb+aJLtgb

Score

7^/10

adware evasion persistence stealer trojan

Malware Config

Targets

- Target
  
  cd9e021b58de5ccc6a2fbbe41b0a2bab
- Size
  
  104KB
- MD5
  
  cd9e021b58de5ccc6a2fbbe41b0a2bab
- SHA1
  
  9db7e920c7cc4eb539b0d1ef97582700d34cd512
- SHA256
  
  16ffc20967f73bd4ff0229972cb7732589f2fd96336505bdb25544cfa0912844
- SHA512
  
  ef8ce8b51ea8e95aa44730ffd379f51d5cc8065b27d785d2a439244dc1816a4e7465728bd69536481a3323cecffa1acf47c00261c0c85ab0b1a5527e297d341c
- SSDEEP
  
  1536:9yVOmTBYa0XkuDkxP4P2g9iB0orjaJLtgb:8dpckuDkxP4Hb+aJLtgb
Score

7^/10

adware evasion persistence stealer trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwareevasionpersistencestealertrojan

behavioral2

adwareevasionpersistencestealertrojan