25801774a679edc391bda01f60692eac7384f6001f27f7523768aad14d176208 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ClassicShellSetup_4_3_1-es.exe
Size

7.0MB
Sample

240722-yvg3mawcjq
MD5

747a38e4337b99968834674da7db062f
SHA1

60faf95ba0511f0d16b12a745349029afc57fcb4
SHA256

25801774a679edc391bda01f60692eac7384f6001f27f7523768aad14d176208
SHA512

e9c45796ed73dac3955021193ae25dc31f111d9fdaf51d9fc0830ea75a8addac40311fed9fc7ca2e2f59531019acb3a45e4aa0fd9a96155fb1e99fa06439659d
SSDEEP

196608:VfMq1iVdqczoRHJvB9W95jPOgiOia23zk2w555OIiZiBZTt:CYSqc0xJEjmVzktkc

Score

7^/10

adware persistence privilege_escalation stealer

Malware Config

Targets

- Target
  
  ClassicShellSetup_4_3_1-es.exe
- Size
  
  7.0MB
- MD5
  
  747a38e4337b99968834674da7db062f
- SHA1
  
  60faf95ba0511f0d16b12a745349029afc57fcb4
- SHA256
  
  25801774a679edc391bda01f60692eac7384f6001f27f7523768aad14d176208
- SHA512
  
  e9c45796ed73dac3955021193ae25dc31f111d9fdaf51d9fc0830ea75a8addac40311fed9fc7ca2e2f59531019acb3a45e4aa0fd9a96155fb1e99fa06439659d
- SSDEEP
  
  196608:VfMq1iVdqczoRHJvB9W95jPOgiOia23zk2w555OIiZiBZTt:CYSqc0xJEjmVzktkc
Score

7^/10

adware persistence privilege_escalation stealer
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistenceprivilege_escalationstealer

behavioral2