ae741f6181b1f5da390bad4a6fadfb0191839da4eda69bc05bc6d95cf6955f21 | Triage

Submit
Reports

Overview

overview

Static

static

ChromeSetup.exe

windows7_x64

ChromeSetup.exe

windows10_x64

Sharing

General

Target

testzip.zip
Size

1.2MB
Sample

210419-dzvrvmfc7s
MD5

55532234e873d2538e23a5fc4847bd28
SHA1

aa93e479829f77db0fc5a1834f6ec975f866f9fe
SHA256

ae741f6181b1f5da390bad4a6fadfb0191839da4eda69bc05bc6d95cf6955f21
SHA512

44e539183d27e493fdb93ebd90b04bc8b297a0348b871f2e79a99d9165e4c8c276a1cef99fb245c6e24beb94abd9695d610bd052995f3cb27ce2b292527f93fb

Score

10^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ChromeSetup.exe

Resource

win7v20210408

discovery persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ChromeSetup.exe

Resource

win10v20210410

discovery persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ChromeSetup.exe
- Size
  
  1.2MB
- MD5
  
  12667c545c3c33a34cd2d5954d631a97
- SHA1
  
  571aceaef28b7249cb9c3617bd244cac20a01ddb
- SHA256
  
  51c59fcf9fa648bc856665db45480c953763a38ef9a948988b99235b0af149ba
- SHA512
  
  754d51039d3c50dc82f38b5cea2af33aaccc75237898d2550898aea85c3ab307a3665780c2e529a116b39faec3fd7f3b4901ad2a89dc44495cce2767e06638b3
Score

10^/10

discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy