Overview

overview

7

Static

static

IDMan.exe.BAK.exe

windows7_x64

7

IDMan.exe.BAK.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IDMan.exe.BAK

  • Size

    5.4MB

  • Sample

    211227-fy3jmacbh9

  • MD5

    b8d7645145e2e1d7ac5d2e583b3c66d5

  • SHA1

    2a59fdf64dde70d8586e098f5cef9dd7d1f446ef

  • SHA256

    ee560acab243d04bfeec513dba0d6f984e02c83678465b2e2d22fb7b7072e134

  • SHA512

    503c3748ef90744f16a48e924952ed55535a1a49d005e077910dc5499d7019e5476e38f66cef0d399664653c7f89b4a40fc1129aaae11ed857f2a6def93e2915

Score
7/10
adwarepersistencespywarestealer

Malware Config

Targets

    • Target

      IDMan.exe.BAK

    • Size

      5.4MB

    • MD5

      b8d7645145e2e1d7ac5d2e583b3c66d5

    • SHA1

      2a59fdf64dde70d8586e098f5cef9dd7d1f446ef

    • SHA256

      ee560acab243d04bfeec513dba0d6f984e02c83678465b2e2d22fb7b7072e134

    • SHA512

      503c3748ef90744f16a48e924952ed55535a1a49d005e077910dc5499d7019e5476e38f66cef0d399664653c7f89b4a40fc1129aaae11ed857f2a6def93e2915

    Score
    7/10
    adwarepersistencespywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks