0b0927fadec2b004771eedddfd188b66a1a3a1f8dff1ba465d25b863893c1c90 | Triage

Sharing

General

Target

0b0927fadec2b004771eedddfd188b66a1a3a1f8dff1ba465d25b863893c1c90N
Size

2.7MB
Sample

241012-x4xc8s1gnl
MD5

2352db00f57ee7af115a65cdb7474d50
SHA1

50927c37c1d7f19f60cc48e9d9980df57d537bf1
SHA256

0b0927fadec2b004771eedddfd188b66a1a3a1f8dff1ba465d25b863893c1c90
SHA512

6a99aaa9503a8b4cc2864fee662253441c113bb397cfb6827906e3dd7a6f5818ca7bf9cf385bf63acb9292bfc98509bda7b8015d645636b70521a2fa67b3ccad
SSDEEP

49152:bom/bxGVbH+EapAfEUKLTpSZY1UDqnd60unoCg8O/+d8ZcLgEOIPTebA5rOYiZnO:rzSWpoEDLT/1Dd61o9VzZcLFebSivZnO

Score

7^/10

adware discovery persistence privilege_escalation stealer

Malware Config

Targets

- Target
  
  0b0927fadec2b004771eedddfd188b66a1a3a1f8dff1ba465d25b863893c1c90N
- Size
  
  2.7MB
- MD5
  
  2352db00f57ee7af115a65cdb7474d50
- SHA1
  
  50927c37c1d7f19f60cc48e9d9980df57d537bf1
- SHA256
  
  0b0927fadec2b004771eedddfd188b66a1a3a1f8dff1ba465d25b863893c1c90
- SHA512
  
  6a99aaa9503a8b4cc2864fee662253441c113bb397cfb6827906e3dd7a6f5818ca7bf9cf385bf63acb9292bfc98509bda7b8015d645636b70521a2fa67b3ccad
- SSDEEP
  
  49152:bom/bxGVbH+EapAfEUKLTpSZY1UDqnd60unoCg8O/+d8ZcLgEOIPTebA5rOYiZnO:rzSWpoEDLT/1Dd61o9VzZcLFebSivZnO
Score

7^/10

adware discovery persistence privilege_escalation stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistenceprivilege_escalationstealer

behavioral2

adwarediscoverypersistenceprivilege_escalationstealer