ecafdc6351b80499d845d4a69dd0c6e1ef5a7a00c105e885c9c53d38f33a6aef | Triage

Submit
Reports

Overview

overview

8

Static

static

ecafdc6351...ef.exe

windows7-x64

8

ecafdc6351...ef.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

ecafdc6351b80499d845d4a69dd0c6e1ef5a7a00c105e885c9c53d38f33a6aef
Size

245KB
Sample

221020-ld38bafddr
MD5

5da0f73c8b1d5d564154c9aaa2eec2a0
SHA1

7b61ff6aa020d864278853a94809c9cada74b320
SHA256

ecafdc6351b80499d845d4a69dd0c6e1ef5a7a00c105e885c9c53d38f33a6aef
SHA512

ad18a867c47d6ffc9df2e42d43ffa752c65a17036a34b282e5636d90c8cb41a38287ed2ca90c45ba6e0cd6becf6c205e7b3243bc1b9ee7ef83b18c37b797dd9f
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5Htzv5L2DSnpQ2oUx:h1OgLdaONzXnVx

Score

8^/10

adware discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ecafdc6351b80499d845d4a69dd0c6e1ef5a7a00c105e885c9c53d38f33a6aef.exe

Resource

win7-20220812-en

adware discovery spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ecafdc6351b80499d845d4a69dd0c6e1ef5a7a00c105e885c9c53d38f33a6aef.exe

Resource

win10v2004-20220812-en

adware discovery spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ecafdc6351b80499d845d4a69dd0c6e1ef5a7a00c105e885c9c53d38f33a6aef
- Size
  
  245KB
- MD5
  
  5da0f73c8b1d5d564154c9aaa2eec2a0
- SHA1
  
  7b61ff6aa020d864278853a94809c9cada74b320
- SHA256
  
  ecafdc6351b80499d845d4a69dd0c6e1ef5a7a00c105e885c9c53d38f33a6aef
- SHA512
  
  ad18a867c47d6ffc9df2e42d43ffa752c65a17036a34b282e5636d90c8cb41a38287ed2ca90c45ba6e0cd6becf6c205e7b3243bc1b9ee7ef83b18c37b797dd9f
- SSDEEP
  
  6144:h1OgDPdkBAFZWjadD4s5Htzv5L2DSnpQ2oUx:h1OgLdaONzXnVx
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer

© 2018-2025

Terms | Privacy