e4197b33b1e1932dae30e796db9f15d308a789c1fe630a4737212fdc070baafe | Triage

Sharing

General

Target

e4197b33b1e1932dae30e796db9f15d308a789c1fe630a4737212fdc070baafe
Size

2.1MB
Sample

221123-s3h21ach73
MD5

ebd1a196c179cfc7d2f2b11ba6c380f4
SHA1

93cd552252f4adefccece355b3ff8be2e74bdff8
SHA256

e4197b33b1e1932dae30e796db9f15d308a789c1fe630a4737212fdc070baafe
SHA512

ec63e2501295dcd90c684f113a56a81fcafcf42b45d445766738a0ee512f529b679061b1fbe0c6ae84643b31a0d0a0b0554964e7502937a2827091dc7ec722f8
SSDEEP

49152:h1OssAxPqbaJ0CqWfTAeP20icuFMDoiXrBSdCIlE05XwjXr3+:h1OXAxib7CqWfTAeP2vaDhtSdpT

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  e4197b33b1e1932dae30e796db9f15d308a789c1fe630a4737212fdc070baafe
- Size
  
  2.1MB
- MD5
  
  ebd1a196c179cfc7d2f2b11ba6c380f4
- SHA1
  
  93cd552252f4adefccece355b3ff8be2e74bdff8
- SHA256
  
  e4197b33b1e1932dae30e796db9f15d308a789c1fe630a4737212fdc070baafe
- SHA512
  
  ec63e2501295dcd90c684f113a56a81fcafcf42b45d445766738a0ee512f529b679061b1fbe0c6ae84643b31a0d0a0b0554964e7502937a2827091dc7ec722f8
- SSDEEP
  
  49152:h1OssAxPqbaJ0CqWfTAeP20icuFMDoiXrBSdCIlE05XwjXr3+:h1OXAxib7CqWfTAeP2vaDhtSdpT
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer