70db79f51e1f772b0ac7a317b60e1ad0a23d0a3c793ca351c316dcb8bdad7c0a

General

Target

70db79f51e1f772b0ac7a317b60e1ad0a23d0a3c793ca351c316dcb8bdad7c0a
Size

14.5MB
Sample

241108-ws4shaxakh
MD5

fba3f3f5401e2125f4a49c8e182816ea
SHA1

a3ce13ac870e3c3a6e1c64ac9ff796d99db640db
SHA256

70db79f51e1f772b0ac7a317b60e1ad0a23d0a3c793ca351c316dcb8bdad7c0a
SHA512

0a680bc9c69164aa4aa08dd841445209bc2b652fa73d81253852ee8186899827ac89571864bdc6a433d97ff776335b5379d478ad43e60b6055d379ecb77dd6d6
SSDEEP

393216:IkGvHke2G9OsP3F6kQXnAMzdjSLe8uciGp:IkGvHjynAMdSJupGp

Score

8^/10

Malware Config

Targets

- Target
  
  IDM6.42һü/idman642build20.exe
- Size
  
  11.7MB
- MD5
  
  2e8d39c7da0aa9a5df2276542998d859
- SHA1
  
  cdac6844c616195738ff74a32998b475f97fac3e
- SHA256
  
  0d492c5313e32f6acdd25d544be67471677a14dc12532095c6ff6108d873b6ba
- SHA512
  
  0ace3c71df78f33a90520a4a552b8f06817611ae3397469edfdc1d27f316e598fba85b92bc573e6085057f1d0eb1977177f000702991a8ee4c0f6bf1bcf3ed42
- SSDEEP
  
  196608:SL5ph05fHg8IyT6e11LHWTNNYtlzUEkvJ2KrG6fTNpieZqRZV0OD2pezRCux:wr05fvIyue3oNqPFYGOprZ09KpUY0
Score

8^/10

adware discovery persistence phishing privilege_escalation spyware stealer
- Drops file in Drivers directory
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2
- Target
  
  IDM6.42һü/жع/geek.exe
- Size
  
  6.7MB
- MD5
  
  ef78997488e6121971404a3f25686fee
- SHA1
  
  53a260990106e5271cb525f87be008e299beaa85
- SHA256
  
  d96df1051e62aa40baefd51235be45f8038745582a5d3428b63123fd2ced60db
- SHA512
  
  8a021950ae41a76659cacdba57d4a090b839dc9a39866b1ca3b6efc533d2542cdb40dbf5004c58d1793329a60126052d7372b0b3d4e9165cfa48938f0e77e573
- SSDEEP
  
  98304:jo2mCHer41qIJVUR0LRn2ufOFL//bHAKYmg77UQ1mfa/ews4VOp9mD:U4wIY0LRnHfq37g7oQcfa/ewsWOpsD
Score

4^/10

discovery spyware stealer
behavioral3 behavioral4
- Target
  
  IDM6.42һü//IDM_6.4x_Crack_v19.7.exe
- Size
  
  59KB
- MD5
  
  27016937b5781c4f84b6b3432170f4d0
- SHA1
  
  bc812a8c4d44a3503ffd6a46e4fdab925c622344
- SHA256
  
  fc1a02b509b8f351ac45bd45efd4e7296b365545a48ffd6a14e8e07bc7189155
- SHA512
  
  24a726276cc53c5a0d075d1bf930e24b3a1891e0754b17c28a5a35b5677fd792d9adb55e5e0a7fe18f056febb8af4a49a5a0fac33389205d1f4dcc0060422be7
- SSDEEP
  
  1536:5ilGC+HMax3AZ5GiavgfreZCRIr71mazhAN5TAS:5igLV3SIareERU5mazh3S
Score

8^/10

discovery evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
behavioral5 behavioral6