0dc88b0dc2dc85c50a5ad96a3bd5cd63dbe041063685d30478ac7c604429cec9 | Triage

Sharing

General

Target

0dc88b0dc2dc85c50a5ad96a3bd5cd63dbe041063685d30478ac7c604429cec9
Size

1.0MB
Sample

220529-trkxwsbdep
MD5

7e40a6a2d756679ab437249911a42f6a
SHA1

24fa637540bb0c4052c3e7061ff9a2f4f891e722
SHA256

0dc88b0dc2dc85c50a5ad96a3bd5cd63dbe041063685d30478ac7c604429cec9
SHA512

267be9d5b2db608d5272f9701e22d9d5dde71bb38b9ca52ca9902bff123adf5f4139d9f4404fb33d193b43fab8c92dfad5f8b4b7c5392775bb8e92b15f04d170

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  0dc88b0dc2dc85c50a5ad96a3bd5cd63dbe041063685d30478ac7c604429cec9
- Size
  
  1.0MB
- MD5
  
  7e40a6a2d756679ab437249911a42f6a
- SHA1
  
  24fa637540bb0c4052c3e7061ff9a2f4f891e722
- SHA256
  
  0dc88b0dc2dc85c50a5ad96a3bd5cd63dbe041063685d30478ac7c604429cec9
- SHA512
  
  267be9d5b2db608d5272f9701e22d9d5dde71bb38b9ca52ca9902bff123adf5f4139d9f4404fb33d193b43fab8c92dfad5f8b4b7c5392775bb8e92b15f04d170
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer