2de691adb4984c996a0de98c998dc968d80244a61415da63a54744ce434fb12d | Triage

Sharing

General

Target

2de691adb4984c996a0de98c998dc968d80244a61415da63a54744ce434fb12d.exe
Size

4.5MB
Sample

241113-agdahstelm
MD5

1e50d2b51102c300fde6ff51f7be20a2
SHA1

9807a9fd596935e5cea507d569937060825bc842
SHA256

2de691adb4984c996a0de98c998dc968d80244a61415da63a54744ce434fb12d
SHA512

cccbe7c98df055949f363d99791711cb69bcfd52e2970a0679024e9f43e02538356136aaddff9be6c6cf2b1dc9dbb2d3dc0fec54a6416d1d310fe28efde8ede4
SSDEEP

98304:6HBGxaeNoUAT49fZw2mZkfCR/4+CBtOyBOeVFA2VQXf:cB0am2THZkfk/2B5RV+f

Score

7^/10

adware discovery stealer upx

Malware Config

Targets

- Target
  
  2de691adb4984c996a0de98c998dc968d80244a61415da63a54744ce434fb12d.exe
- Size
  
  4.5MB
- MD5
  
  1e50d2b51102c300fde6ff51f7be20a2
- SHA1
  
  9807a9fd596935e5cea507d569937060825bc842
- SHA256
  
  2de691adb4984c996a0de98c998dc968d80244a61415da63a54744ce434fb12d
- SHA512
  
  cccbe7c98df055949f363d99791711cb69bcfd52e2970a0679024e9f43e02538356136aaddff9be6c6cf2b1dc9dbb2d3dc0fec54a6416d1d310fe28efde8ede4
- SSDEEP
  
  98304:6HBGxaeNoUAT49fZw2mZkfCR/4+CBtOyBOeVFA2VQXf:cB0am2THZkfk/2B5RV+f
Score

7^/10

adware discovery stealer upx
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsTools.dll
- Size
  
  262KB
- MD5
  
  69fcb9ae215b1397ae1f9751da7016d0
- SHA1
  
  da3816591f15fcdae48910fb632ee5d2f8c09d4d
- SHA256
  
  ba5b2e57997aae2ce636a76e8ffc536498bf3882d61648f30c169cc17fd1f342
- SHA512
  
  f9c6aa7b420b1e18ab7e7351f4d228e5b2fd047fc70e170b037efda0bca4b5ff146f6457f477aeaecf829e42d3c730530483c240e0b1de98aef217c2bcc56689
- SSDEEP
  
  3072:9FB2a5XgeSo6j3Yme+xJAqld5D2dyCFLJiHtiEgI3Y3b4nHNVAl7Uw7xN51I2Z:wa9gex67BxuMDD2dyCFhwY306lT7HI2
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  kuaibo.exe
- Size
  
  3.2MB
- MD5
  
  f31f3458c48c12fa3d162a0bd2cbe15c
- SHA1
  
  54b652afd8dc0ebbe28efa9fd0f7c307c649c800
- SHA256
  
  6aa930e3e237db31ebd8df64e839767c3b21a9d310a941e4f6f2cb1fafd98210
- SHA512
  
  91f0642b9f08337237ee127cb0488fd21716b5c3bea649c8668cc52de2f4903fc154f38d7f8121dab4ff312da40a80a370f9115d86f828d2000ac27f765955e7
- SSDEEP
  
  98304:ggHhFtKcEsdW+phMOFkQ+2f7SPHOuY3AZVkSLJU:g2Kcnh/bBuOKjNU
Score

7^/10

discovery
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  67d8f4d5acdb722e9cb7a99570b3ded1
- SHA1
  
  f4a729ba77332325ea4dbdeea98b579f501fd26f
- SHA256
  
  fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7
- SHA512
  
  03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f
- SSDEEP
  
  192:CsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5m78ozxGUWumle:CsUHd9GN2d2iwl0impATIPdA78Ov6
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Codecs/CoreAVC.ax
- Size
  
  372KB
- MD5
  
  7a03e8376a5650333ea9fd595ecd802c
- SHA1
  
  6b01321dd7a11de431805b497884db56f380d60a
- SHA256
  
  d1977f2c9125540639ff08226e88c413fd417190d3e076390d3a1f1c1a9e5ebf
- SHA512
  
  36b8c6cf606d187079bb54d20a13601ad231a3cad092691f4257abec1393c160973a926d5044083f1c18d959c7ed6ac6fc7a6c592fb91b762adb14da6fefe36d
- SSDEEP
  
  6144:FcVG5Sslel+3zTWCP+xBE5gKlEpIyUzvlvah1MTuAyZ81yhjtmGRf8UQjCgod:wG532+3zTWCP+TE5gy+Iy2NabKTyK1cb
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral13 behavioral14
- Target
  
  Codecs/FLVSplitter.ax
- Size
  
  387KB
- MD5
  
  dc3cb32fa1984c1d2c8a46669ca50dfd
- SHA1
  
  36cac8e356e463e30d32565749dbe9bb9ec258ae
- SHA256
  
  e1774bc800fa2ba76c35c395bc55fc1e55650e92728c9b12ecd1d68482130a89
- SHA512
  
  637e43e57ce367608d0f9702a196a1a053083b371c6f1a19553d9d92bf84ed002539a35cdeb3c7088382504955d21e0db4f358ebf40f84d5afa6f6fc9454bcba
- SSDEEP
  
  6144:18Bb1GKVQWDsoD+xr4EGl4TIIqremnfyD/TXP7:18t1GKVQWDmM43qremfyT
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Codecs/MP4Splitter.ax
- Size
  
  483KB
- MD5
  
  73170a2a2930a53baff2c57e684cff03
- SHA1
  
  b95bcf14ea078377a4fab383ba580e3f7028067d
- SHA256
  
  e1b660d6d1ff8ec16a91a4df11f95ae17618a23bf451ae0b4f77d6354f433735
- SHA512
  
  e475e42b7b0da4d89beab0895b87acf116a264fa63ce901f98226230d18a477a9c8ff7d223aeb68b52d85bd0b1e61a4418ee2daf6b94971008f3f56e53839af5
- SSDEEP
  
  6144:7GPdzS5R8cQxAdYKitPDo+9WEkSY38WaY81WzUCJaTB6qqDmjsKkQ5uSBlEk:q2R8cRdYKitPM+9x+8YPaTNqCj3t7
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Codecs/MatroskaSplitter.ax
- Size
  
  439KB
- MD5
  
  7d883aa427d88d2528e87d488ee5613c
- SHA1
  
  25b60603d697e9480fc6b2ef1a2163efb86e7a59
- SHA256
  
  3e433f7ca893aba0ac2b2ad536910d13871e34fc737d63c66695258b88b9c7a2
- SHA512
  
  7257207625180b9a2ff035b57078d75eb4dd2f10440edc98f86f8c3b9c97acef1e5c4ed90bc47a30890d488f3084c170babff3ffa751a187711632898d66a843
- SSDEEP
  
  6144:8k4FiNL6hHDhMXqqunRb8Z/Vw7BQ7qffGDrj+TBJkTOxeJXTQeDDWHAG:t4FiNWdhMXrunR4iQf+TrZeJkO0
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Codecs/MpaSplitter.ax
- Size
  
  328KB
- MD5
  
  5bbb7c74b02c3beefbf5b1e53d4d49e6
- SHA1
  
  896d7c4511b010fccfeccdc82d6f0abc72983986
- SHA256
  
  f83ca0820372bb63d4f14a13cc42455c30b8b18ff5e88fd3c31ec61088f0f9ff
- SHA512
  
  ae00c74f38ffafcd64b897dd05e4c879fdf7ee0c89355fd3a5e153b80e0cfc0cdd861129f29171be675912e252df7867ba2d1ea2eab2d40326b6620d797a47b8
- SSDEEP
  
  6144:kSiuusWG//Emlmb6nrJqTyItAc99DysiqmGKq:kLuusWGESrJqTyIecfirGK
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Codecs/QMVSplitterFilter.ax
- Size
  
  163KB
- MD5
  
  f77ffec1aa0b30c8e06e048c14bed10b
- SHA1
  
  dddaa9da4a791bc3b5ed554abb26573742727089
- SHA256
  
  2538f0f855faf072a991b3b2665322b13326a45af9c0506eef49563c43fb3590
- SHA512
  
  1205b0d1d1c0bf33bdfe8ef32fba0387a6b866d4fe953f42714257ee99240115bf30c56401ec416b31c159a78a458428d79cda0e14a11b25dc86d0d63305ada1
- SSDEEP
  
  3072:eOEElhUPjzImhkhcvyDKRUjz4PI46bVa5EDMCmZd6:eyfUPjz7hkr54YtDMC
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Codecs/QmvbSplitter.ax
- Size
  
  535KB
- MD5
  
  ae96cb8655c71e1a0004c0b45780d8ae
- SHA1
  
  9d6ada7de4cdf22d2122d1d6649a54a72599f2ac
- SHA256
  
  422c05e56e2bd70d6d8935df9bf201490045a4d0081fb52688e031370febfeff
- SHA512
  
  3c96d196c2ed4b28618bb2d814dbcaf1333b3222424d0372c5d7e5f325aac0a9d7dc4d92e1c09ba2e6085f9e43ba98bfd741f033d5e983fdbba4b3385d0df698
- SSDEEP
  
  12288:ZO1hj3Vhngc85GHoJnhrtZIc30ZSTr50BMtD:ZKjgc8ikic30oTr50BM9
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Codecs/QvodMpeg2Dec.ax
- Size
  
  555KB
- MD5
  
  22620ebbec0657bfa8175896fb4f7fed
- SHA1
  
  35e7de779543447520691533c614e22b87eae715
- SHA256
  
  3789ebf09d76247d0b5ed089821ad3637862ee444940369e29e4c8b4de3e48d2
- SHA512
  
  bfffffff997bfcfeb20a83aa651d36ec87857f3cc0ba668ae13541a4b6fc04ae3e58170bde6554eb80955c480318b84a504cae9480f3102e0ad937abd0a69573
- SSDEEP
  
  12288:PewNiay8Xr2xOcAp52qeILrp4kUh0EsmQZ5:PZNiaFXCY52qe0GJi7mQZ5
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Codecs/QvodSound.ax
- Size
  
  271KB
- MD5
  
  c0a19162635d5380a31aea2452e1f13b
- SHA1
  
  6574323f45227f899318b0ec0ca21b5a3736a505
- SHA256
  
  9dcd076dbe2cc9dade244794b4ccfd7f131ebf84f00d020092606493bb9d5ca8
- SHA512
  
  21e18e25759cdee3b437d2195de79720d861469d4457920ad5186438fda867dcdd2ca1a9127b4d11c14c48b0d4121fe1fd75dab7a7d8000433ca9906ae83ff7a
- SSDEEP
  
  6144:CruOoH74YYhla0EUUmJuCIHAOmDj8ssssssssw6:CrO4YYhc2Sp
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Codecs/QvodSource.dll
- Size
  
  211KB
- MD5
  
  6d9ccaea509d807a29a9b3b313c752b6
- SHA1
  
  e6a218014e60b7992f1a4550266d37708c60b2c0
- SHA256
  
  651a0d47fa34b39ee3d9b244f42abeb801cb04bcbdd5cfd5ba75d0779bf644fb
- SHA512
  
  b2fbe4f3a5da0c87f17176d00d4fafafb7b4e5166b2ea9ec8a4d5a3cfdeeebaf249523c35d841d1a45baf4c7da2b538401163e45ae44e5c1756dd5f792897020
- SSDEEP
  
  3072:BlG1cWiu85YTk+iny+3yXcQJnaRYZ9lWuAztKN8IwkeJYlOrcxkWB+lRJWaxA5s0:fu85YGyQERaRuWL+8aeJYTWRJWQC
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealerupx

behavioral2

adwarediscoverystealerupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32