c57a017b6865ca78a9a61e1b530084682cfb24c82e399b75e3d51ccbe5f94dc3 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

settings.json

windows11-21h2-x64

8

Resubmissions

21-02-2025 18:31

250221-w6hr7axjf1 8

17-02-2025 23:21

250217-3b3bnsvkbq 8

17-02-2025 22:59

250217-2yvdxavjan 10

17-02-2025 22:47

250217-2qlrsstqgv 3

17-02-2025 22:43

250217-2nmlbatqgm 3

Sharing

General

Target

settings.json
Size

159B
Sample

250216-ggyd1swlhz
MD5

bf7c91a40ae1aaa3e7537aaf156780f3
SHA1

ace8ec14125ae7320c4efdfc89a82e0e3d2db91f
SHA256

c57a017b6865ca78a9a61e1b530084682cfb24c82e399b75e3d51ccbe5f94dc3
SHA512

edcfe353a5cf1a3cc3bf78b60df950defd86a5f1d255ef74c17ea916f2c9bc4fe65e4c2a607a3bd7f7abd7ad2c59dfc18c45269c43000a23dffca083859feeb6

Score

8^/10

adware discovery persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

settings.json

Resource

win11-20250211-en

adware discovery persistence privilege_escalation stealer

windows11-21h2-x64

27 signatures

900 seconds

Malware Config

Targets

- Target
  
  settings.json
- Size
  
  159B
- MD5
  
  bf7c91a40ae1aaa3e7537aaf156780f3
- SHA1
  
  ace8ec14125ae7320c4efdfc89a82e0e3d2db91f
- SHA256
  
  c57a017b6865ca78a9a61e1b530084682cfb24c82e399b75e3d51ccbe5f94dc3
- SHA512
  
  edcfe353a5cf1a3cc3bf78b60df950defd86a5f1d255ef74c17ea916f2c9bc4fe65e4c2a607a3bd7f7abd7ad2c59dfc18c45269c43000a23dffca083859feeb6
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy