7c830795f41d57218296cdbd360af468779b31c071c76716eff5489ec99a02c5 | Triage

Submit
Reports

Overview

overview

Static

static

ChromeSetup.bin.exe

windows7_x64

ChromeSetup.bin.exe

windows10_x64

Sharing

General

Target

ChromeSetup.bin.zip
Size

1.2MB
Sample

201105-9dd2hf82ea
MD5

0fcf907eddf6567cc91471ff56d43937
SHA1

adc0327f6fd7943fedef0a3e9eaf47a9d85e7a4d
SHA256

7c830795f41d57218296cdbd360af468779b31c071c76716eff5489ec99a02c5
SHA512

68aa3caa3ed066ade1ef9d31855926bfcf1b65541f4027e47ecf81d110cfb5140310505d2b690e780675a07910bf4519d80670714c3a0becdeac4f893ac4811e

Score

10^/10

discovery macro persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

ChromeSetup.bin.exe

Resource

win7v20201028

discovery macro persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ChromeSetup.bin.exe

Resource

win10v20201028

discovery macro persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ChromeSetup.bin
- Size
  
  1.3MB
- MD5
  
  628829b7d408ddffb63e3c17710b16ee
- SHA1
  
  43cf415e56242056eed8131777b9aefc9264db80
- SHA256
  
  eaf0bc8e5ce8b135b1f96960ee0bae143dcba3a39314c55579ae154e53b1640d
- SHA512
  
  1cd7ed0ae32cc46500b11d7188e7986ee5feaae5c7609f439572f7da4a4b8e08cbc0b684ffd6479ce54ef213bb543aedd2e02f45cc815668f7f3285ba6ef5f4f
Score

10^/10

discovery macro persistence spyware
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- JavaScript code in executable
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverymacropersistencespyware

behavioral2

discoverymacropersistencespyware

© 2018-2024

Terms | Privacy