hxxps://dl[.]comss[.]org/download/6mo_trial_HE-17[.]7_Full[.]exe

General

Target

https://dl.comss.org/download/6mo_trial_HE-17.7_Full.exe
Sample

240829-jnhcgsseqq

Score

8^/10

Malware Config

Targets

- Target
  
  https://dl.comss.org/download/6mo_trial_HE-17.7_Full.exe
Score

8^/10

adware defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1