01274727f9b7d68536ee386117e7da4b66eb9cefb12a4996ec02b768baa28b5b | Triage

Submit
Reports

Overview

overview

7

Static

static

1

01274727f9...5b.exe

windows7_x64

7

01274727f9...5b.exe

windows10-2004_x64

7

Sharing

General

Target

01274727f9b7d68536ee386117e7da4b66eb9cefb12a4996ec02b768baa28b5b
Size

632KB
Sample

220523-3xlwtaabc7
MD5

633d4539acab262b649d1addfc1828b2
SHA1

939bbff1ece59c1cb40166b384d47862371a1e2d
SHA256

01274727f9b7d68536ee386117e7da4b66eb9cefb12a4996ec02b768baa28b5b
SHA512

c26124c92ee7924ec35a3df6efa2036d54bc41a099d5cf494853608490a8050fdd396892ccd907c5230ffbf392498f12baf57b6dcf934be823f5560195f1aa94

Score

7^/10

adware discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

01274727f9b7d68536ee386117e7da4b66eb9cefb12a4996ec02b768baa28b5b.exe

Resource

win7-20220414-en

adware discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

01274727f9b7d68536ee386117e7da4b66eb9cefb12a4996ec02b768baa28b5b.exe

Resource

win10v2004-20220414-en

adware discovery spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  01274727f9b7d68536ee386117e7da4b66eb9cefb12a4996ec02b768baa28b5b
- Size
  
  632KB
- MD5
  
  633d4539acab262b649d1addfc1828b2
- SHA1
  
  939bbff1ece59c1cb40166b384d47862371a1e2d
- SHA256
  
  01274727f9b7d68536ee386117e7da4b66eb9cefb12a4996ec02b768baa28b5b
- SHA512
  
  c26124c92ee7924ec35a3df6efa2036d54bc41a099d5cf494853608490a8050fdd396892ccd907c5230ffbf392498f12baf57b6dcf934be823f5560195f1aa94
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer

© 2018-2024

Terms | Privacy