r77 | 0a42842c4a8b182b2fafc016071a2c9a3eb448d242c36c3e45425505666268f8 | Triage

Submit
Reports

Overview

overview

Static

static

0a42842c4a...f8.exe

windows7-x64

1

0a42842c4a...f8.exe

windows10-2004-x64

8

Sharing

General

Target

0a42842c4a8b182b2fafc016071a2c9a3eb448d242c36c3e45425505666268f8
Size

1.3MB
Sample

250210-pdcxxa1nfp
MD5

22c72ea59dadc5dc31a7c7bfdce17e1d
SHA1

ff402d88174fddbcd773b350dc297154acf698f5
SHA256

0a42842c4a8b182b2fafc016071a2c9a3eb448d242c36c3e45425505666268f8
SHA512

a1a21a64325974bef95d398699c01e57d6b6d4774592facdb3715ed643e0b342ee6b55d31df4de9c48708d2f8f7b7bcd0d172c4c9278d6b6fda3a3cad6a73dea
SSDEEP

24576:r2qLfk7bTs2/PwjKYR8ASIBwhWODDSIQXbJ7U:KpbTv/Yr8xo6QXV7U

Score

10^/10

r77 adware discovery persistence privilege_escalation stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0a42842c4a8b182b2fafc016071a2c9a3eb448d242c36c3e45425505666268f8.exe

Resource

win7-20241010-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

0a42842c4a8b182b2fafc016071a2c9a3eb448d242c36c3e45425505666268f8.exe

Resource

win10v2004-20250207-en

adware discovery persistence privilege_escalation stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  0a42842c4a8b182b2fafc016071a2c9a3eb448d242c36c3e45425505666268f8
- Size
  
  1.3MB
- MD5
  
  22c72ea59dadc5dc31a7c7bfdce17e1d
- SHA1
  
  ff402d88174fddbcd773b350dc297154acf698f5
- SHA256
  
  0a42842c4a8b182b2fafc016071a2c9a3eb448d242c36c3e45425505666268f8
- SHA512
  
  a1a21a64325974bef95d398699c01e57d6b6d4774592facdb3715ed643e0b342ee6b55d31df4de9c48708d2f8f7b7bcd0d172c4c9278d6b6fda3a3cad6a73dea
- SSDEEP
  
  24576:r2qLfk7bTs2/PwjKYR8ASIBwhWODDSIQXbJ7U:KpbTv/Yr8xo6QXV7U
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoverypersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy