04d7c6e1f0caf6344e0d0ea35a848e5145b3c4afccaba34ad2487cf2f7a9c663 | Triage

Sharing

General

Target

04d7c6e1f0caf6344e0d0ea35a848e5145b3c4afccaba34ad2487cf2f7a9c663
Size

717KB
Sample

220527-yjczjaaec5
MD5

4f6d3e840fc232e1acdaea0b6f685cb3
SHA1

69ab2a454f4d780b8198251feebe30bf90a21d70
SHA256

04d7c6e1f0caf6344e0d0ea35a848e5145b3c4afccaba34ad2487cf2f7a9c663
SHA512

07a0f7d9d5ab1484734bee0ec26326eab033d47f67776c587c9519e54175b3310247a0a84758714bb77184817c398a2e2398b2425a6af9701f9a8f1d96ce5d61

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  04d7c6e1f0caf6344e0d0ea35a848e5145b3c4afccaba34ad2487cf2f7a9c663
- Size
  
  717KB
- MD5
  
  4f6d3e840fc232e1acdaea0b6f685cb3
- SHA1
  
  69ab2a454f4d780b8198251feebe30bf90a21d70
- SHA256
  
  04d7c6e1f0caf6344e0d0ea35a848e5145b3c4afccaba34ad2487cf2f7a9c663
- SHA512
  
  07a0f7d9d5ab1484734bee0ec26326eab033d47f67776c587c9519e54175b3310247a0a84758714bb77184817c398a2e2398b2425a6af9701f9a8f1d96ce5d61
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer