Overview

overview

7

Static

static

IDMan.exe

windows7_x64

7

Resubmissions

12-09-2021 12:11

210912-pcmeysccc3 7

11-09-2021 15:00

210911-sdk53abea2 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IDMan.exe

  • Size

    5.4MB

  • Sample

    210912-pcmeysccc3

  • MD5

    9cf336cc118a12ef6b9c7e1a8def8af6

  • SHA1

    fbf3d5f7e1e34c7a4215b7ab8cef5065222ae59c

  • SHA256

    6dfc9ff4cb327d959df26226952ba79a9b0ec3590de54d34533a290581774041

  • SHA512

    fb7adb2c03160d0ca750be5849f1845f1f57432321863d0e5f3b94f8d7d45ab3dd06d0bd0c146c0e88da2caedc6369bb03b273556145534126940cde4aceafd8

Score
7/10
adwarepersistencespywarestealer

Malware Config

Targets

    • Target

      IDMan.exe

    • Size

      5.4MB

    • MD5

      9cf336cc118a12ef6b9c7e1a8def8af6

    • SHA1

      fbf3d5f7e1e34c7a4215b7ab8cef5065222ae59c

    • SHA256

      6dfc9ff4cb327d959df26226952ba79a9b0ec3590de54d34533a290581774041

    • SHA512

      fb7adb2c03160d0ca750be5849f1845f1f57432321863d0e5f3b94f8d7d45ab3dd06d0bd0c146c0e88da2caedc6369bb03b273556145534126940cde4aceafd8

    Score
    7/10
    adwarepersistencespywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks