81e9c1cc4175dc16d5ecaa600e807dd59deda488e8fbfd437917b46b1417367f | Triage

Sharing

General

Target

81e9c1cc4175dc16d5ecaa600e807dd59deda488e8fbfd437917b46b1417367f
Size

2.9MB
Sample

221123-t7wdkagb84
MD5

b002e9ccc40dcb0f55458addc21cef3e
SHA1

58130c93092abdf0928f5117ce43f2ca534aa722
SHA256

81e9c1cc4175dc16d5ecaa600e807dd59deda488e8fbfd437917b46b1417367f
SHA512

5228b070d1be1feb7147824093af6fb55858c58c99cd75901eda5064759008a98ab958c8a24002765ba1a954a4e2c09b24f21e6479e41a522c9a658845f922cf
SSDEEP

49152:dlxEwdgFVoE5af8hmKDU6IUGJT1FoIdpukRA3AsEawvzeZ+DUnKV+7GeSa1:dEqgv5284KDSF1/dpuFARvN4nw+z

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  81e9c1cc4175dc16d5ecaa600e807dd59deda488e8fbfd437917b46b1417367f
- Size
  
  2.9MB
- MD5
  
  b002e9ccc40dcb0f55458addc21cef3e
- SHA1
  
  58130c93092abdf0928f5117ce43f2ca534aa722
- SHA256
  
  81e9c1cc4175dc16d5ecaa600e807dd59deda488e8fbfd437917b46b1417367f
- SHA512
  
  5228b070d1be1feb7147824093af6fb55858c58c99cd75901eda5064759008a98ab958c8a24002765ba1a954a4e2c09b24f21e6479e41a522c9a658845f922cf
- SSDEEP
  
  49152:dlxEwdgFVoE5af8hmKDU6IUGJT1FoIdpukRA3AsEawvzeZ+DUnKV+7GeSa1:dEqgv5284KDSF1/dpuFARvN4nw+z
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer