ef9f232e313d9dd77d7db51379f86c150c19373344bd27b592b1a803cfe9f8f5 | Triage

Sharing

General

Target

ef9f232e313d9dd77d7db51379f86c150c19373344bd27b592b1a803cfe9f8f5.exe
Size

2.2MB
Sample

250125-dd2eqatlep
MD5

02b4a52ec119d3cf966d70da67eb3cef
SHA1

b424858fe8871e2ca7b513f34f7568e4d04ec4cf
SHA256

ef9f232e313d9dd77d7db51379f86c150c19373344bd27b592b1a803cfe9f8f5
SHA512

3a1bedf763bb685be3d1712db82f9e201a0102956839ce3b31664b91a796eca92c41b606e2b7a6b95c5f43b0550a761b35f7458aac3f38c38b66dee621acabf7
SSDEEP

49152:GeZM+VKH/ZKhwqQtUWzpDMnOmB7ebA5rOYiZnS:7GWwvtt1jmxebSivZnS

Score

7^/10

adware discovery persistence privilege_escalation stealer

Malware Config

Targets

- Target
  
  ef9f232e313d9dd77d7db51379f86c150c19373344bd27b592b1a803cfe9f8f5.exe
- Size
  
  2.2MB
- MD5
  
  02b4a52ec119d3cf966d70da67eb3cef
- SHA1
  
  b424858fe8871e2ca7b513f34f7568e4d04ec4cf
- SHA256
  
  ef9f232e313d9dd77d7db51379f86c150c19373344bd27b592b1a803cfe9f8f5
- SHA512
  
  3a1bedf763bb685be3d1712db82f9e201a0102956839ce3b31664b91a796eca92c41b606e2b7a6b95c5f43b0550a761b35f7458aac3f38c38b66dee621acabf7
- SSDEEP
  
  49152:GeZM+VKH/ZKhwqQtUWzpDMnOmB7ebA5rOYiZnS:7GWwvtt1jmxebSivZnS
Score

7^/10

adware discovery persistence privilege_escalation stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistenceprivilege_escalationstealer

behavioral2

adwarediscoverypersistenceprivilege_escalationstealer