9662bae89b9eb3d000e29440b18ab3ccc1eea6d927bf6788e417657abcb4571e | Triage

Sharing

General

Target

9662bae89b9eb3d000e29440b18ab3ccc1eea6d927bf6788e417657abcb4571e
Size

1.4MB
Sample

221123-qwp6mafa52
MD5

ba884d46b1bf8e668a79ef75608ad893
SHA1

3ae639f0e58ebe7429ea669a6955751276122ce3
SHA256

9662bae89b9eb3d000e29440b18ab3ccc1eea6d927bf6788e417657abcb4571e
SHA512

eb6e368f4326bbee8c173b697deff6cb0fb45195745780df8ce23d446fa39dfa7cc21557fa499784b29b0b2dfcd08084b77ea23d453e93ad15aba8957b498c94
SSDEEP

24576:GS6fJHL4I5Dul67v5+7X0ENCRPlWdqy056jSt0nQNZgSOTwlNQQc+HjhCA2I4dTz:G74YC67v5+fNyPlWdLRlmZpFb4dX

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  9662bae89b9eb3d000e29440b18ab3ccc1eea6d927bf6788e417657abcb4571e
- Size
  
  1.4MB
- MD5
  
  ba884d46b1bf8e668a79ef75608ad893
- SHA1
  
  3ae639f0e58ebe7429ea669a6955751276122ce3
- SHA256
  
  9662bae89b9eb3d000e29440b18ab3ccc1eea6d927bf6788e417657abcb4571e
- SHA512
  
  eb6e368f4326bbee8c173b697deff6cb0fb45195745780df8ce23d446fa39dfa7cc21557fa499784b29b0b2dfcd08084b77ea23d453e93ad15aba8957b498c94
- SSDEEP
  
  24576:GS6fJHL4I5Dul67v5+7X0ENCRPlWdqy056jSt0nQNZgSOTwlNQQc+HjhCA2I4dTz:G74YC67v5+fNyPlWdLRlmZpFb4dX
Score

8^/10

adware discovery persistence spyware stealer
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer