e0dacd6acb15428d2ee6f068bf2e8979013071fd2ee3ccf4a88f687a06f0b908 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

qttabbar-v...b2.msi

windows11-21h2-x64

6

Sharing

General

Target

qttabbar-v1.5.0.0b2.msi
Size

840KB
Sample

240630-sr38sszdke
MD5

eb955a2d87dce195b5899c1d40a30af6
SHA1

c85d6f4476b2d01b5457bddc67a037bdf47e8709
SHA256

e0dacd6acb15428d2ee6f068bf2e8979013071fd2ee3ccf4a88f687a06f0b908
SHA512

146ffdafd4f85808503867ca3687c777ac9267f67aa2b1bb169be3b125f9c012c3ab550bfc80fd3684ef912a6fc32ac5fb67f86d2d7cd3ff8f3e78e4b4cfc533
SSDEEP

12288:3P7sn3MdpZ+7VUqI3t4P3/WOe/dSP/B6iX4r8MtDVGEq+5B/FgRd:/7sn3K+7VU/9a/5bor8MjqUXgX

Score

6^/10

adware persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

qttabbar-v1.5.0.0b2.msi

Resource

win11-20240508-en

adware persistence privilege_escalation stealer

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  qttabbar-v1.5.0.0b2.msi
- Size
  
  840KB
- MD5
  
  eb955a2d87dce195b5899c1d40a30af6
- SHA1
  
  c85d6f4476b2d01b5457bddc67a037bdf47e8709
- SHA256
  
  e0dacd6acb15428d2ee6f068bf2e8979013071fd2ee3ccf4a88f687a06f0b908
- SHA512
  
  146ffdafd4f85808503867ca3687c777ac9267f67aa2b1bb169be3b125f9c012c3ab550bfc80fd3684ef912a6fc32ac5fb67f86d2d7cd3ff8f3e78e4b4cfc533
- SSDEEP
  
  12288:3P7sn3MdpZ+7VUqI3t4P3/WOe/dSP/B6iX4r8MtDVGEq+5B/FgRd:/7sn3K+7VU/9a/5bor8MjqUXgX
Score

6^/10

adware persistence privilege_escalation stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Installer Packages

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Installer Packages

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarepersistenceprivilege_escalationstealer

© 2018-2024

Terms | Privacy