Overview

overview

10

Static

static

1

IObit.Unin...RC.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IObit.Uninstaller-11.0.0.40.RC.exe

  • Size

    21.6MB

  • Sample

    210715-9n3p9qj5sj

  • MD5

    e0c176fc73efc0500be51fc5ed64c41a

  • SHA1

    c445a3e636e756cba347141f95130830789bce52

  • SHA256

    38934abd31eaf9ed9c91d99f4946598820bd4cdf96d5fa6cb921edf33e68ec6e

  • SHA512

    b9b3af6d6082146a8b8fc49086bcd34a936c2078d59512b0af2cc5c8209c89d4d6f32c8950cd7e8d12639543a638ce6c16feb24bca959e922570273aeb688402

Score
10/10
adwarediscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      IObit.Uninstaller-11.0.0.40.RC.exe

    • Size

      21.6MB

    • MD5

      e0c176fc73efc0500be51fc5ed64c41a

    • SHA1

      c445a3e636e756cba347141f95130830789bce52

    • SHA256

      38934abd31eaf9ed9c91d99f4946598820bd4cdf96d5fa6cb921edf33e68ec6e

    • SHA512

      b9b3af6d6082146a8b8fc49086bcd34a936c2078d59512b0af2cc5c8209c89d4d6f32c8950cd7e8d12639543a638ce6c16feb24bca959e922570273aeb688402

    Score
    10/10
    adwarediscoverypersistencespywarestealer

    • Modifies system executable filetype association

      persistence

    • Registers COM server for autorun

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

1
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Credentials in Files

1
T1081

Discovery

Security Software Discovery

1
T1063

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks