Overview

overview

8

Static

static

29f2a07314...28.exe

windows7-x64

8

29f2a07314...28.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29f2a07314a26b7b88ea90a3fb5f6374387c7c97f080d922872048f36453c628

  • Size

    2.1MB

  • Sample

    221123-r3lbpaac67

  • MD5

    93a97b2d856567ef4298d3a093b0b9b1

  • SHA1

    ab051d92ac14447baf8bef10e63c0ceff17f70c0

  • SHA256

    29f2a07314a26b7b88ea90a3fb5f6374387c7c97f080d922872048f36453c628

  • SHA512

    15d051c22073347febd250717ed40048fa47550ab175eed9ffc140c206078e9c89076f8a469b964559264c4307572f0252f1f60162512be6fc08a8315ac0455e

  • SSDEEP

    49152:okg1wkrm2q74IdJk20oCqltz2h9ntGuF3HHovVpL4l:w1wkC2q7zdJx3/CYuJHOjk

Score
8/10
adwarediscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      29f2a07314a26b7b88ea90a3fb5f6374387c7c97f080d922872048f36453c628

    • Size

      2.1MB

    • MD5

      93a97b2d856567ef4298d3a093b0b9b1

    • SHA1

      ab051d92ac14447baf8bef10e63c0ceff17f70c0

    • SHA256

      29f2a07314a26b7b88ea90a3fb5f6374387c7c97f080d922872048f36453c628

    • SHA512

      15d051c22073347febd250717ed40048fa47550ab175eed9ffc140c206078e9c89076f8a469b964559264c4307572f0252f1f60162512be6fc08a8315ac0455e

    • SSDEEP

      49152:okg1wkrm2q74IdJk20oCqltz2h9ntGuF3HHovVpL4l:w1wkC2q7zdJx3/CYuJHOjk

    Score
    8/10
    adwarediscoverypersistencespywarestealer

    • Registers COM server for autorun

      persistence

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks