Analysis

max time kernel: 45s
max time network: 48s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 15:41

Static task: static1
Behavioral task: behavioral1
Sample: e0d85ec61d95463b9cf1909f6dbd25d5661aaa537a262fe08bf726bbb6ca3e4f.exe
Resource: win7-20220812-en
General

Target: e0d85ec61d95463b9cf1909f6dbd25d5661aaa537a262fe08bf726bbb6ca3e4f.exe
Size: 2.3MB
MD5: 55f25c91e1bd777264df035454268d35
SHA1: 173bc01b2f4a544e2be7f8dd76f3f89c2ff37a28
SHA256: e0d85ec61d95463b9cf1909f6dbd25d5661aaa537a262fe08bf726bbb6ca3e4f
SHA512: af95e0a1f9c3c3f3e30579d26d856582620ac84a3da2e1cfde994f64cf11821ce76a259d5dd1b4d9c0a26114c614bf720beeca5143f7af1b4919a10dc9f4f4e0
SSDEEP: 49152:brJrbceRgd0jUbcGb+8JL3KYmswdwX7I4W:tlZ9zODM2
Malware Config
Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops Chrome extension (3 IoCs)
Processes: e0d85ec61d95463b9cf1909f6dbd25d5661aaa537a262fe08bf726bbb6ca3e4f.exe

description | ioc | process
File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\187\manifest.json | e0d85ec61d95463b9cf1909f6dbd25d5661aaa537a262fe08bf726bbb6ca3e4f.exe
File created | C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\187\manifest.json | e0d85ec61d95463b9cf1909f6dbd25d5661aaa537a262fe08bf726bbb6ca3e4f.exe
File created | C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\187\manifest.json | e0d85ec61d95463b9cf1909f6dbd25d5661aaa537a262fe08bf726bbb6ca3e4f.exe

The three paths show the sample writing the same extension (id ibiiaimghkbhffgkkdogldehnidojjga, version directory 187) directly into the Default profile of every local user account on the image (Admin, Administrator, Guest), rather than going through Chrome's own install path.
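As an added example (not part of this sandbox report and not the sample's own code), the Python below runs the detection idea behind the "Drops Chrome extension" signature over file-create events: any write under a Chrome profile's Extensions directory by a process other than chrome.exe is flagged, with the affected user, extension id and version pulled out of the path. The event records are constructed here from the three IoCs above plus two benign events for contrast; their shape (action/path/process), the TRUSTED_WRITERS set and the hypothetical extension id used in the benign event are assumptions of this example, not the sandbox's export format.

```python
import re
from typing import Dict, List, Optional

# A file inside a Chrome profile's Extensions directory looks like:
#   <drive>:\Users\<user>\AppData\Local\Google\Chrome\User Data\<profile>\Extensions\<id>\<version>\<rest>
# Chrome extension ids are exactly 32 characters drawn from the letters a-p.
CHROME_EXT_RE = re.compile(
    r"^[A-Za-z]:\\Users\\(?P<user>[^\\]+)\\AppData\\Local\\Google\\Chrome\\User Data\\"
    r"(?P<profile>[^\\]+)\\Extensions\\(?P<ext_id>[a-p]{32})\\(?P<version>[^\\]+)\\(?P<rest>.+)$",
    re.IGNORECASE,
)

# Assumption for this example: only Chrome itself is expected to populate Extensions\.
TRUSTED_WRITERS = {"chrome.exe"}

SAMPLE_NAME = "e0d85ec61d95463b9cf1909f6dbd25d5661aaa537a262fe08bf726bbb6ca3e4f.exe"
EXT_DIR = r"AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\187"

# Constructed events: the three manifest.json writes from the report, then two benign ones.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"action": "File created",
     "path": "\\".join(["C:", "Users", user, EXT_DIR, "manifest.json"]),
     "process": SAMPLE_NAME}
    for user in ("Admin", "Administrator", "Guest")
] + [
    # Chrome updating a hypothetical store-installed extension: trusted writer, must be ignored.
    {"action": "File created",
     "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions"
             r"\aaaabbbbccccddddeeeeffffgggghhhh\1.0\manifest.json",
     "process": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    # Unrelated temp-file write by the sample: not an extension path, must be ignored.
    {"action": "File created",
     "path": r"C:\Users\Admin\AppData\Local\Temp\x.tmp",
     "process": SAMPLE_NAME},
]


def parse_extension_path(path: str) -> Optional[Dict[str, str]]:
    """Return user/profile/ext_id/version/rest if `path` lies inside a Chrome Extensions dir, else None."""
    m = CHROME_EXT_RE.match(path)
    return m.groupdict() if m else None


def find_sideloaded_extensions(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Flag extension files written by anything other than a trusted writer (chrome.exe)."""
    findings: List[Dict[str, object]] = []
    for ev in events:
        if ev.get("action") != "File created":
            continue
        info = parse_extension_path(ev["path"])
        if info is None:
            continue
        # Compare only the image name; the event may carry a full path or a bare name.
        writer = ev["process"].rsplit("\\", 1)[-1].lower()
        if writer in TRUSTED_WRITERS:
            continue
        findings.append({
            "user": info["user"],
            "profile": info["profile"],
            "ext_id": info["ext_id"],
            "version": info["version"],
            "writer": writer,
            # A manifest.json write means a complete extension is being planted, not a stray file.
            "is_manifest": info["rest"].lower() == "manifest.json",
        })
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Group findings by extension id -> sorted list of user accounts it was planted for."""
    by_ext: Dict[str, set] = {}
    for f in findings:
        by_ext.setdefault(str(f["ext_id"]), set()).add(str(f["user"]))
    return {ext_id: sorted(users) for ext_id, users in by_ext.items()}


if __name__ == "__main__":
    for ext_id, users in summarize(find_sideloaded_extensions(SAMPLE_EVENTS)).items():
        print(f"sideloaded extension {ext_id} planted for users: {', '.join(users)}")
```

Run against the constructed events it reports one extension id planted for Admin, Administrator and Guest, and ignores both the chrome.exe write and the temp-file write. On a real host the same logic can be fed from Sysmon Event ID 11 (FileCreate) records; grouping by extension id across user profiles is what separates this pattern from a single user installing an extension by hand.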