ad727f56774154d1e7fc7e6ffff7b5d53e18b96b98a00af4aa6bd464d09064d0 | Triage

Submit
Reports

Overview

overview

Static

static

IDM Pre-Cr...it.exe

windows7_x64

IDM Pre-Cr...it.exe

windows10_x64

8

Sharing

General

Target

IDM Pre-Crack @RedBlueHit.exe
Size

6.8MB
Sample

210421-eqemp1p21e
MD5

8201273cfefcff5b91f7d74304590da2
SHA1

2551eae3464f3ed02028adfbcb704853562efa97
SHA256

ad727f56774154d1e7fc7e6ffff7b5d53e18b96b98a00af4aa6bd464d09064d0
SHA512

6a9ba0872bd0acceace12876afc95a087990279e3121dedf4baaabb93710224c4a920ed412c75d450a0d4f2c7b1be336907c0f08d2f57aaf4ca60dc3587cdd2c

Score

10^/10

adware discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

IDM Pre-Crack @RedBlueHit.exe

Resource

win7v20210410

adware discovery evasion persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

IDM Pre-Crack @RedBlueHit.exe

Resource

win10v20210408

adware discovery stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  IDM Pre-Crack @RedBlueHit.exe
- Size
  
  6.8MB
- MD5
  
  8201273cfefcff5b91f7d74304590da2
- SHA1
  
  2551eae3464f3ed02028adfbcb704853562efa97
- SHA256
  
  ad727f56774154d1e7fc7e6ffff7b5d53e18b96b98a00af4aa6bd464d09064d0
- SHA512
  
  6a9ba0872bd0acceace12876afc95a087990279e3121dedf4baaabb93710224c4a920ed412c75d450a0d4f2c7b1be336907c0f08d2f57aaf4ca60dc3587cdd2c
Score

10^/10

adware discovery evasion persistence spyware stealer trojan
- Registers COM server for autorun
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoveryevasionpersistencespywarestealertrojan

behavioral2

adwarediscoverystealer

© 2018-2024

Terms | Privacy