2c6299923ef9d8029de9d2f05369ae2ef7646c084ebe8f6051f9e47d74064964 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

sample.js

windows11-21h2-x64

8

Sharing

General

Target

sample
Size

83KB
Sample

240601-t48jqagg7t
MD5

2e5517a680c6ae9a92ceccbbd2124442
SHA1

c2c22bbc334748adf4c6cf0b48e0b5aad64bfb41
SHA256

2c6299923ef9d8029de9d2f05369ae2ef7646c084ebe8f6051f9e47d74064964
SHA512

8faaac9162f8f0a46e56ce3df2834561fc5bb5efead0b0cbda8e5d017136371866223d7ae5b6f7ac37f38fc78875a298facb98425ce3dbe348211ba6156323e9
SSDEEP

1536:/qcEYq4NOFYLI7fN08KQkeSVN0NtsetzRRbKsYRX:icEYqmO9f5tzjmpX

Score

8^/10

adware discovery evasion execution persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

sample.js

Resource

win11-20240508-en

adware discovery evasion execution persistence stealer trojan

windows11-21h2-x64

33 signatures

150 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  83KB
- MD5
  
  2e5517a680c6ae9a92ceccbbd2124442
- SHA1
  
  c2c22bbc334748adf4c6cf0b48e0b5aad64bfb41
- SHA256
  
  2c6299923ef9d8029de9d2f05369ae2ef7646c084ebe8f6051f9e47d74064964
- SHA512
  
  8faaac9162f8f0a46e56ce3df2834561fc5bb5efead0b0cbda8e5d017136371866223d7ae5b6f7ac37f38fc78875a298facb98425ce3dbe348211ba6156323e9
- SSDEEP
  
  1536:/qcEYq4NOFYLI7fN08KQkeSVN0NtsetzRRbKsYRX:icEYqmO9f5tzjmpX
Score

8^/10

adware discovery evasion execution persistence stealer trojan
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarediscoveryevasionexecutionpersistencestealertrojan

© 2018-2024

Terms | Privacy