179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801 | Triage

Submit
Reports

Overview

overview

Static

static

179c059a42...01.exe

windows7-x64

179c059a42...01.exe

windows10-2004-x64

Sharing

General

Target

179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801
Size

335KB
Sample

240424-xza97sfg68
MD5

83294e6e639a04de564bc786a2f1672b
SHA1

4eea105d6d35f7346ac57d5690ff7193d5d4af90
SHA256

179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801
SHA512

3b609e37f46b30aa645abc836c852263263f6cf52222e95260354161092b79b121c5a5af8e727169fd589b662f6f02bb0140ed16a0d860543669b7f43f381525
SSDEEP

6144:HrnkP+6bB0H9rj3fMobS1bSKPbSX2heDObSankP+6bWSGON9bS7/B+ybS7/B+ybf:HQ+Qu9piLzwoJQ+p0RqZmZJB

Score

10^/10

adware persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801.exe

Resource

win7-20240220-en

adware persistence stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801.exe

Resource

win10v2004-20240226-en

adware persistence stealer upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801
- Size
  
  335KB
- MD5
  
  83294e6e639a04de564bc786a2f1672b
- SHA1
  
  4eea105d6d35f7346ac57d5690ff7193d5d4af90
- SHA256
  
  179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801
- SHA512
  
  3b609e37f46b30aa645abc836c852263263f6cf52222e95260354161092b79b121c5a5af8e727169fd589b662f6f02bb0140ed16a0d860543669b7f43f381525
- SSDEEP
  
  6144:HrnkP+6bB0H9rj3fMobS1bSKPbSX2heDObSankP+6bWSGON9bS7/B+ybS7/B+ybf:HQ+Qu9piLzwoJQ+p0RqZmZJB
Score

10^/10

adware persistence stealer upx
- Modifies WinLogon for persistence
  persistence
- Detects executables built or packed with MPress PE compressor
- UPX dump on OEP (original entry point)
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealerupx

© 2018-2024

Terms | Privacy