5cfaec15d48d36b15ac725930e3203e30e40bf17fc0d11de83d5e4f42a0f717c

Sharing

Copy URL Twitter E-mail

General

Target

e1f5c49c2d312873fde445d4584fe2e4
Size

7.9MB
Sample

240327-sgspbaef98
MD5

e1f5c49c2d312873fde445d4584fe2e4
SHA1

38e7c681f9783ea22dcb8227dbf97d3b65ca4e83
SHA256

5cfaec15d48d36b15ac725930e3203e30e40bf17fc0d11de83d5e4f42a0f717c
SHA512

6159062fababbda3cd700863575dee6c294e8b788731e512b048942250a7ad4bd7af250793627e91d183f79e608fea0dec562fb8587b089a84217a21f8226880
SSDEEP

196608:yVAvvOkJH/c4zxtZajRYGYnFVGAK+JXV6w:/vvOUHlzxvEeGkcIXV6w

Score

7^/10

Malware Config

Targets

- Target
  
  e1f5c49c2d312873fde445d4584fe2e4
- Size
  
  7.9MB
- MD5
  
  e1f5c49c2d312873fde445d4584fe2e4
- SHA1
  
  38e7c681f9783ea22dcb8227dbf97d3b65ca4e83
- SHA256
  
  5cfaec15d48d36b15ac725930e3203e30e40bf17fc0d11de83d5e4f42a0f717c
- SHA512
  
  6159062fababbda3cd700863575dee6c294e8b788731e512b048942250a7ad4bd7af250793627e91d183f79e608fea0dec562fb8587b089a84217a21f8226880
- SSDEEP
  
  196608:yVAvvOkJH/c4zxtZajRYGYnFVGAK+JXV6w:/vvOUHlzxvEeGkcIXV6w
Score

3^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ExecCmd.dll
- Size
  
  4KB
- MD5
  
  b9380b0bea8854fd9f93cc1fda0dfeac
- SHA1
  
  edb8d58074e098f7b5f0d158abedc7fc53638618
- SHA256
  
  1f4bd9c9376fe1b6913baeca7fb6df6467126f27c9c2fe038206567232a0e244
- SHA512
  
  45c3ab0f2bce53b75e72e43bac747dc0618342a3f498be8e2eb62a6db0b137fcdb1735da83051b14824996b5287109aa831e5859d6f21f0ed21b76b3d335418c
- SSDEEP
  
  48:ifXNtGNjFizsU35iej7luiwa28mDJmDKUOMQH0glay/Aa4r/:5Fef5iej5txKJKenlV4r/
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  18KB
- MD5
  
  c3f71dbf1dafbd30349c43ca0d56fce4
- SHA1
  
  e2754b4fb1a73a63afd265e56be168974e3ac520
- SHA256
  
  5ab4789012d22b49ea7da21c80c7d5034e78bf4b82aeb091425d2d22cba440dd
- SHA512
  
  e4bac73e483a895d677a4c7f150d97b085bc8866f4905f5bf8aa865d5a22b283be95d4d9b68daef9bef273516164fd0329917f2c3601a32de8534ef380c1e2f3
- SSDEEP
  
  384:xR3EapHo6wDtZy352UjO6eFgee6ho0E83EbPhvaVp:xR3g6wioxLlia
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  16KB
- MD5
  
  963c5021848d9121508d61b2bd6881ea
- SHA1
  
  4afef12493bf2ff4723a9b9d9973c991aa5d29a0
- SHA256
  
  507045cf5799b1ba24dedac4a02207dfa6db9834c1f5a490353c2b459fda9a4e
- SHA512
  
  6a5f299912190195e87527df17d88345a80ad111d91df00df0656a704d7a489d8e551366a4edff421c13e19e2473ea584a6e153ce18b135e2be96a1fb5286e49
- SSDEEP
  
  192:r/wta1/yQp3wo1sp0xFcMyGaiO6PEqQlmACSF6keflWobXFkSKOKL9xHrTv:zZ1/y28p0YMy9zqQlmABF6k5ob+59xL
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  11KB
- MD5
  
  6e6ea06ff64142decd1544965704b3a3
- SHA1
  
  34b3065cdd40d48f4ffaf26b1a35bafefb0bd989
- SHA256
  
  eac6e063d05453f4917b1f892c864f412d5734e9c01f0b37e62802df0e51bc96
- SHA512
  
  7f49c929059bd56c403406e473c5de64b076c1b1011922d4e64967750c1ecdc47c682d68c910744ff6ccf19ed00e3ad55eab5f10775fcbaa08ca3c746e3b15ea
- SSDEEP
  
  192:dimuo2iXsGk7lXtUil/HdJZC9jToTlHY0QvKwaHrEmK:sK8zmihi0VYLMHrNK
Score

3^/10
behavioral10 behavioral9
- Target
  
  Uninstall.exe
- Size
  
  92KB
- MD5
  
  e55df9069ff5849cd97503548a7dca56
- SHA1
  
  c355709042c60b8e2bf1affb21afa2e8fc399341
- SHA256
  
  546640a1f3e28dc96a58fefb3cab1829ea1fc2c973cc37da08dc69cac6e3e685
- SHA512
  
  a3658179dd2c2d6a11dc1709d6eed3d36652ccd9778c1cc4dbf1a8f9bf35fb7ac2e47fdf049349b2c75808d6a823d7e5e5e4c3f0a6adda119e2baef09669d6a3
- SSDEEP
  
  1536:Byiit01zQf7Cx02zXEgbdPJtK3BJ7gdLeAyNN5qhPEm/Y7eXpDjDT:CO1zQzGxo3BJ7ceA4q1RfpLT
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  flashplayer.exe
- Size
  
  7.7MB
- MD5
  
  5293c69e8f9c8212ac6b843245b59f71
- SHA1
  
  d9cba349d23fff4d62319b261acd9ecd8db40422
- SHA256
  
  d534f716b2b234c00949ce89745e8f040ffda4dc98e527d991fbd9fd97cccc79
- SHA512
  
  e9f7f580b5b95e82cb0a25de378b7861db0f76d0e5665a39d87b072e274a14c0fd9e47006134896b4b3410d4805ba1c9c0cf07d2a1057279620b6942c3406259
- SSDEEP
  
  196608:6efzzP6LIP5W2vrypm6qf6tiiFA+EC0lchsIxsKOU:zLNP5lymeiiS+EC0qEU
Score

1^/10
behavioral13 behavioral14
- Target
  
  toolbar.exe
- Size
  
  3.1MB
- MD5
  
  4785fc1f2466a561c40668e98a60b964
- SHA1
  
  b0f863eac1dc7b521ed95369563029fecfef005d
- SHA256
  
  9c94e49f06386735ab62756155ed724470a00066c55056499fee75a3fd503dd2
- SHA512
  
  f6ff2ce5d9b208c4b62a26c8cd510a1a0983b600e182da333ce01460b6cd9363324d445d08c0f5992d10ad89dcca47f978f4665404f225da076cd67b829fe9b0
- SSDEEP
  
  98304:YuzOTv1n+r0xFM2Bjeml5NpGu2V7fICWyFkYdH4SKCYI7:YYOTv1n+r09jRl5TG7rFWyFkYm5jI7
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/CabDLL.dll
- Size
  
  80KB
- MD5
  
  3b8cf4f6c883c7ca0c964ef2a96525aa
- SHA1
  
  7f0d1b89783056decea951fa7b25d3c4c354d0d3
- SHA256
  
  58b29737613b3b916ae6d8ad12790da5cffcf0f354739abfa41bab60a80d40ea
- SHA512
  
  6474c7a8fb31c0e1cdbb4fbc5653a060961557565484ee2d26beb8be0e5d047790f8ff96710729bf5ee9eb00011beb98c370eb2ae01aa4ad0971f58910ebcd24
- SSDEEP
  
  1536:CAecLfUiFF6h/q6krEnJfSh5iOqML8CNajobjkR3t5r:C+MiFMh/q6krEnY4MAC0jo83t5r
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/CustomLicense.dll
- Size
  
  4KB
- MD5
  
  ca37f2747e04ae09ae9f14852574abef
- SHA1
  
  e40bf34907337340520f368575c848ddb62f98c5
- SHA256
  
  bbcab5c7e9f4b3f63184b23995e5b335a1c6ca5108aaa1be0eaf3fbf78afc1c4
- SHA512
  
  ea781e646313bc458fba0ce66e357818725f385cb6c3383bb9c41dbb5221a6f43e3d8296aa3cbd5e8759d95d87a8eefa5f87665912fbc65c8eb4efcacabfdb60
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  13KB
- MD5
  
  bcec2a6095d38abc192a68d094c302d0
- SHA1
  
  9e88c5b957b45524690513b75d81dee259d5d599
- SHA256
  
  446000200eff4f9c20761ce1680902daba190c81a57154f4917b1741d7800e3c
- SHA512
  
  b48e85a17904a104eef573358763a0b1215eec96f72f83ff544d2dab22737bc42411ca505adf3f7e95c6f7e7997ad3e408f258093727105b678d5eee8d8e6278
- SSDEEP
  
  192:mNnXQprEE3vHosEWFt6F5SLdn93YUCzj7qUFVWsSCDLjcOq98sswY:WnXQphvHJFoFe93D2xVWsSCHZq98FwY
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  24KB
- MD5
  
  ef630cf1898c257df36b1037bd1e5392
- SHA1
  
  b2c47d9a741d2b5391387059552b37f2daddade2
- SHA256
  
  41776a77b4e3bba1c3e70d10b9f560248148b8f2c45d39d4cd8683754112860f
- SHA512
  
  986b405d723294ff5b3649f899bc048c5693bd386dc3f489b390ccb1d56e8e65a9dbe6d0863d553525ce93d505a162eaa087faf4b4c5133345c3330d01327211
- SSDEEP
  
  384:TzBnI67jSmHQvw+Bf4HD4Cza5Sh2ze7VW3Pvg5TEnzuomuHya93ld0Ac9khYLMkY:TtIajSmiw+iDLth2ze78PvgynzuzuSaf
Score

3^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/license2_es.rtf
- Size
  
  35KB
- MD5
  
  12ebbccaed28b4563d2fcd4ec7732de0
- SHA1
  
  40b3bbf374b56313b3cca311ff1d7ebf73ecc9ec
- SHA256
  
  f63dee2f111b8d4a9490685aad7fb81f1bb1f53aa905cdf4edaee85de514eb56
- SHA512
  
  aa4fc4cbbecce5a8899d4805c752c717b40b4f1e692f6be4542acbb14542937707976a7d371b4263ce7c58cad630f7082966e955aad0d1220f85c58ae065de59
- SSDEEP
  
  384:uNGtwgrKwHzVphCmSjeo75Y3ktSYrQYsxY1ezyZo3:OGyZaZgSYrQYsxr2o
Score

4^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/license_es.rtf
- Size
  
  47KB
- MD5
  
  d18e55bed2144a1fcba280b899caf67a
- SHA1
  
  bb3c34d58d3551708649beab02f404acbec5b27d
- SHA256
  
  8e8e2fd737c7f86c2a06960cbecf3c292401aed22e52a91c485808af9a4960cc
- SHA512
  
  8ac644f0279daaae09872d13d62e9c98d42b1213b870d0f2b230b5e1dfb6e38ef87d2d1530e8e46e6763b4efe2001b314b188de6efddf01160fa63ceb4bd5381
- SSDEEP
  
  768:d+6MQt88gFDGi3w2EH8DGi3w2EHfr3eYIHb+aSb9VQ6yZgSYrQYsxr20:d8QtTreYIHbaw6y+SqQYOr20
Score

4^/10
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Installs/modifies Browser Helper Object

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32