aca765bcd02d7720bcdfc6bca39951b9709dd57598b757f82928d81858fdd94e | Triage

Submit
Reports

Overview

overview

Static

static

ChromeSetup (2).exe

windows7_x64

ChromeSetup (2).exe

windows10_x64

Sharing

General

Target

ChromeSetup (2).exe
Size

1.3MB
Sample

201121-ajtbf3vjzj
MD5

ecc058f48cd239512937c92d3c0553ee
SHA1

f7c9614da5c98c5131ed2e8a798ccd0f279d5adc
SHA256

aca765bcd02d7720bcdfc6bca39951b9709dd57598b757f82928d81858fdd94e
SHA512

4c9c99a4a84963f7e59dd0339178c44b36e7fb52df2b8a9aadf929b05ef1f8eb93cffa8d73382f7f57107201ea1da1cce69c297b4dfa964453ac4816e754bc5e

Score

10^/10

discovery macro persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

ChromeSetup (2).exe

Resource

win7v20201028

discovery macro persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ChromeSetup (2).exe

Resource

win10v20201028

discovery macro persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ChromeSetup (2).exe
- Size
  
  1.3MB
- MD5
  
  ecc058f48cd239512937c92d3c0553ee
- SHA1
  
  f7c9614da5c98c5131ed2e8a798ccd0f279d5adc
- SHA256
  
  aca765bcd02d7720bcdfc6bca39951b9709dd57598b757f82928d81858fdd94e
- SHA512
  
  4c9c99a4a84963f7e59dd0339178c44b36e7fb52df2b8a9aadf929b05ef1f8eb93cffa8d73382f7f57107201ea1da1cce69c297b4dfa964453ac4816e754bc5e
Score

10^/10

discovery macro persistence spyware
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- JavaScript code in executable
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverymacropersistencespyware

behavioral2

discoverymacropersistencespyware

© 2018-2024

Terms | Privacy