652f6d2901c86de4a05743b5f808fafb6e28b9720c39bce5e7e031d26cac9035 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KexSetup_Release_1_1_1_1375.exe
Size

2.9MB
Sample

240428-nzr4aafa69
MD5

8b690d6134fcfa6e742f190e6d607f46
SHA1

78e08ce01a08431799fe13ef308a7e6903950812
SHA256

652f6d2901c86de4a05743b5f808fafb6e28b9720c39bce5e7e031d26cac9035
SHA512

ef2aaf3f21bf879e1cb0411b03d3ab04ea03aa0cf9e51b65d7f3d3adcd229d8588dbe0d12af24e1f221dbf4419db3af45db2f24309f2258bb78a0cd191821910
SSDEEP

49152:bSmD6/KwXbO5p3z6mQiwyf7dRoP538qLcCjVgoFjR4w4Ya3hYFUbK8xNCNe4Geh6:bSc6//2p3z60fJ6BQCCGjXMYeG8WNeY6

Score

8^/10

adware discovery persistence stealer

Malware Config

Targets

- Target
  
  KexSetup_Release_1_1_1_1375.exe
- Size
  
  2.9MB
- MD5
  
  8b690d6134fcfa6e742f190e6d607f46
- SHA1
  
  78e08ce01a08431799fe13ef308a7e6903950812
- SHA256
  
  652f6d2901c86de4a05743b5f808fafb6e28b9720c39bce5e7e031d26cac9035
- SHA512
  
  ef2aaf3f21bf879e1cb0411b03d3ab04ea03aa0cf9e51b65d7f3d3adcd229d8588dbe0d12af24e1f221dbf4419db3af45db2f24309f2258bb78a0cd191821910
- SSDEEP
  
  49152:bSmD6/KwXbO5p3z6mQiwyf7dRoP538qLcCjVgoFjR4w4Ya3hYFUbK8xNCNe4Geh6:bSc6//2p3z60fJ6BQCCGjXMYeG8WNeY6
Score

8^/10

adware discovery persistence stealer
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer