21fa5ccdc3698d75e639921fea461ce3144a81aa3a76d0cdea29ff69843f70eb | Triage

Submit
Reports

Overview

overview

8

Static

static

1

92b84a677f...4f.jpg

windows11-21h2-x64

Sharing

General

Target

92b84a677fc94fa96d78f04d8f07c47fc4114a4f.jpeg
Size

2.3MB
Sample

240602-1czwtsgg64
MD5

5e2711ff659572a9f783f1bcdbd664c5
SHA1

92b84a677fc94fa96d78f04d8f07c47fc4114a4f
SHA256

21fa5ccdc3698d75e639921fea461ce3144a81aa3a76d0cdea29ff69843f70eb
SHA512

0a0a4ed6129413215397ee45b7a3123d74b4de67d918f07fd509b582155f2285f46e3c2f5b183c427c116b2e92146437d9412baa11314a9ba09d075505803417
SSDEEP

49152:icxf5l2lCHS8GaSTgnu8MXSXiCg87EXNp+rZkA4+l8qwvm/D64VTgu5NSf8:iA5oCykSEuVuEXf+rZAqKmNVTV50f8

Score

8^/10

adware discovery evasion persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

92b84a677fc94fa96d78f04d8f07c47fc4114a4f.jpg

Resource

win11-20240426-en

adware discovery evasion persistence stealer trojan

windows11-21h2-x64

34 signatures

1800 seconds

Malware Config

Targets

- Target
  
  92b84a677fc94fa96d78f04d8f07c47fc4114a4f.jpeg
- Size
  
  2.3MB
- MD5
  
  5e2711ff659572a9f783f1bcdbd664c5
- SHA1
  
  92b84a677fc94fa96d78f04d8f07c47fc4114a4f
- SHA256
  
  21fa5ccdc3698d75e639921fea461ce3144a81aa3a76d0cdea29ff69843f70eb
- SHA512
  
  0a0a4ed6129413215397ee45b7a3123d74b4de67d918f07fd509b582155f2285f46e3c2f5b183c427c116b2e92146437d9412baa11314a9ba09d075505803417
- SSDEEP
  
  49152:icxf5l2lCHS8GaSTgnu8MXSXiCg87EXNp+rZkA4+l8qwvm/D64VTgu5NSf8:iA5oCykSEuVuEXf+rZAqKmNVTV50f8
Score

8^/10

adware discovery evasion persistence stealer trojan
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarediscoveryevasionpersistencestealertrojan

© 2018-2024

Terms | Privacy