ab5d3c89a2777b13df311069ff6c0420ed7575b6fae5d8c062cdccaa96894d3f | Triage

Sharing

General

Target

ab5d3c89a2777b13df311069ff6c0420ed7575b6fae5d8c062cdccaa96894d3f
Size

2.1MB
Sample

221123-qpbpnahe2w
MD5

68e7d3edcb9d655d94d58a3db8253550
SHA1

7e0b525d5895fb13e064ccd3aa57b9d542b34f3f
SHA256

ab5d3c89a2777b13df311069ff6c0420ed7575b6fae5d8c062cdccaa96894d3f
SHA512

39d69512b5b2172400dd346e7990ee6b8aeb2e3d132faf62ed8f451b074ff891eebd9d3b055192b4949d33e65f124f7410f19e2c121bab29456ba783fe04c357
SSDEEP

49152:XkWY694CQwU+gZQLAwHyLTU9QGY9Mg8pmuZisW5IqYu5MTyoP:nY6JQX5QLAwHOIQGYmwIqYEKyoP

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  ab5d3c89a2777b13df311069ff6c0420ed7575b6fae5d8c062cdccaa96894d3f
- Size
  
  2.1MB
- MD5
  
  68e7d3edcb9d655d94d58a3db8253550
- SHA1
  
  7e0b525d5895fb13e064ccd3aa57b9d542b34f3f
- SHA256
  
  ab5d3c89a2777b13df311069ff6c0420ed7575b6fae5d8c062cdccaa96894d3f
- SHA512
  
  39d69512b5b2172400dd346e7990ee6b8aeb2e3d132faf62ed8f451b074ff891eebd9d3b055192b4949d33e65f124f7410f19e2c121bab29456ba783fe04c357
- SSDEEP
  
  49152:XkWY694CQwU+gZQLAwHyLTU9QGY9Mg8pmuZisW5IqYu5MTyoP:nY6JQX5QLAwHOIQGYmwIqYEKyoP
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer