9aaa326da7ca2d0d7015742e3ffe5bce7df63cae147166e52f094a1c20897856 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

TLauncher-...1).exe

windows7-x64

8

TLauncher-...1).exe

windows10-2004-x64

7

Sharing

General

Target

TLauncher-Installer-1.3.5 (1).exe
Size

23.0MB
Sample

240422-x5qxvafa83
MD5

1a2ce8f6f111d438d4467a84d8c74351
SHA1

6f2b6d316eb820ae6875b84df9615e412ae0773a
SHA256

9aaa326da7ca2d0d7015742e3ffe5bce7df63cae147166e52f094a1c20897856
SHA512

8f276c77a73f4035513d463be939e056a67cfcfb28df078b7e63a3f524a5c66d02128ac6a267e84226dfc2916ae74d0f945a12f7326fa89fa97070329d828193
SSDEEP

393216:y25KVUfIscQ5+LTc2rr6of5MJ7ZWqxPAIgtMIMlFRqUX0OT2Hx8HcAobUAKN+:jKVaIsN+LtrrKJBH5lFRq0RD1obUAK0

Score

8^/10

adware discovery persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

TLauncher-Installer-1.3.5 (1).exe

Resource

win7-20240221-en

adware discovery persistence stealer upx

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

TLauncher-Installer-1.3.5 (1).exe

Resource

win10v2004-20240226-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  TLauncher-Installer-1.3.5 (1).exe
- Size
  
  23.0MB
- MD5
  
  1a2ce8f6f111d438d4467a84d8c74351
- SHA1
  
  6f2b6d316eb820ae6875b84df9615e412ae0773a
- SHA256
  
  9aaa326da7ca2d0d7015742e3ffe5bce7df63cae147166e52f094a1c20897856
- SHA512
  
  8f276c77a73f4035513d463be939e056a67cfcfb28df078b7e63a3f524a5c66d02128ac6a267e84226dfc2916ae74d0f945a12f7326fa89fa97070329d828193
- SSDEEP
  
  393216:y25KVUfIscQ5+LTc2rr6of5MJ7ZWqxPAIgtMIMlFRqUX0OT2Hx8HcAobUAKN+:jKVaIsN+LtrrKJBH5lFRq0RD1obUAK0
Score

8^/10

adware discovery persistence stealer upx
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarediscoverypersistencestealerupx

behavioral2

© 2018-2024

Terms | Privacy