33ffc220033c7f50c7aa2e00796f62e9e84843972272381546fbe5d8e758e389

Sharing

Copy URL Twitter E-mail

General

Target

ccleaner_browser_setup (1).exe
Size

5.4MB
Sample

240629-vsd2eavdpj
MD5

01ec413c8459cb62678be1541afa4084
SHA1

4b0669f357d2acd535a3a4e7ee9b83b7b2d966fa
SHA256

33ffc220033c7f50c7aa2e00796f62e9e84843972272381546fbe5d8e758e389
SHA512

c0056d90b34244ae55a5267180d983cfd5a2f08a65f183184d80aef9536a9a5ed3f431a6d457708258852e36c1509f9ae917d922e485f60357b0e7c72dd6c7cc
SSDEEP

98304:aFhCVHsZ2GQtEqlQO4H7nKcZI0GSk7PKzuI90uMv3ILYVxzpxRA3hmw3RyzJKuud:scsZoXlQO4bn18PpIC3SYVxzFA3hmMRH

Score

8^/10

Malware Config

Targets

- Target
  
  ccleaner_browser_setup (1).exe
- Size
  
  5.4MB
- MD5
  
  01ec413c8459cb62678be1541afa4084
- SHA1
  
  4b0669f357d2acd535a3a4e7ee9b83b7b2d966fa
- SHA256
  
  33ffc220033c7f50c7aa2e00796f62e9e84843972272381546fbe5d8e758e389
- SHA512
  
  c0056d90b34244ae55a5267180d983cfd5a2f08a65f183184d80aef9536a9a5ed3f431a6d457708258852e36c1509f9ae917d922e485f60357b0e7c72dd6c7cc
- SSDEEP
  
  98304:aFhCVHsZ2GQtEqlQO4H7nKcZI0GSk7PKzuI90uMv3ILYVxzpxRA3hmw3RyzJKuud:scsZoXlQO4bn18PpIC3SYVxzFA3hmMRH
Score

8^/10

bootkit persistence spyware stealer discovery evasion privilege_escalation trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/JsisPlugins.dll
- Size
  
  2.1MB
- MD5
  
  6090bd09b765115dbf8dc4a1abc74f9f
- SHA1
  
  5c0e83cb0c28bed937d4631df091bdc9a22c517f
- SHA256
  
  9187b575e8545d20848ae7fdba3a2d8b486c25e1791498f391a7138bef71df4f
- SHA512
  
  17200b952661f355d5ffbaf265897748d1764fd30626b42ac301f5ff8988e58df2f06cb6620d6b5a97cafaa99dd10a4be83e828247ad8eea153d0bb632ef78d1
- SSDEEP
  
  49152:xdpuUEAFwL9cgRCbajymTn920aBa7deTlfRXAF3bHQpobMAjY5kH:xdpucFwL9zymTn920aBa7deJfRgbHQu1
Score

3^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/Midex.dll
- Size
  
  126KB
- MD5
  
  9c3678d423b7cfc308c1857e5f93ede7
- SHA1
  
  d0b384ba07a52aeba957b2bd171da3dc0de2a6bb
- SHA256
  
  c87fcd7ea8669ba4a5cfca83ddaee610260be721d6fba19e537f1c706b7295ca
- SHA512
  
  27e5832aa51e867a8c32330521ac4d71f4c3d2bfd5ced0aa45dc2fcd42870fa5645abbbed29ac369ef0a73eb64b30a573ee74502c672b80cea29e911e98d54f3
- SSDEEP
  
  3072:uACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazGWn:uACUTz1JlopG5K4OZgeC
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  $PLUGINSDIR/jsis.dll
- Size
  
  127KB
- MD5
  
  9c5bfca91c74478122bd493271e7467a
- SHA1
  
  663b25f0c50cfac5ae35f77465f33fb2ca57c961
- SHA256
  
  bb85cd31b83ce192fef588e417c4749e83fee19723c814eaf00594c37e75c2c6
- SHA512
  
  cf0a2e7cebc406d08d1872e088b3bd110c388430f26def44d1fc40d4222b63a5cc3a5824061a96e5b85dbaaaab58305f69a3b70308d12658fca60cb5c5434bdf
- SSDEEP
  
  3072:h3Zk9fOAewM0+W8NVH28fB948igEWo8P+fid7:h3qNOApM1G8fBpidWZ
Score

3^/10
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsJSON.dll
- Size
  
  36KB
- MD5
  
  c80631ed154254fcf2d362e532119ab5
- SHA1
  
  14104226258dc5b3fc88fd815547c01b1cec2735
- SHA256
  
  73698082634a7052fccd9e6ab20a0e9179a4421071e10c0ad53591dfc9ea24aa
- SHA512
  
  3d37acefe015e72c82d2e38f155df2a28f84728a5819b518bb3a5b083a6dcee9e227ca423711dd79b5eb9caa34ac6d34bc7d26de3571f0e5ed566d3818e545e1
- SSDEEP
  
  768:j1vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRprYiKAMxkE:j1bYPHqu7EUhL27bTr7ox
Score

3^/10
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  $_106_
- Size
  
  6.1MB
- MD5
  
  8d5e8e267bac7f20ff754cfef992498d
- SHA1
  
  15b8d1ff158b292b00598eb4d4ad9554009cab09
- SHA256
  
  ab6525603c37018db65559d46df90414a939d75d365849417775b706b928d18f
- SHA512
  
  f01b37a61071a168bc5a7f188c486b70f7a8f31598fdfe0634817edcfbf6e512c9ceb74b64d62cff6ce473d4490580fedc04491ed43b0a1daa49b5b68608916e
- SSDEEP
  
  98304:JTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwLwKknK:JTvkTLVTAudcoJheBnknfFrqNeKc
Score

1^/10
behavioral21 behavioral22 behavioral23 behavioral24