cbb167000ac0dc5afab2ed6d59a14b2fd63ead9768d1659ec8a654df47440fd7 | Triage

Sharing

General

Target

cbb167000ac0dc5afab2ed6d59a14b2fd63ead9768d1659ec8a654df47440fd7
Size

2.1MB
Sample

221123-tcm4psgg3w
MD5

0368070cdc053dd52ff0e84427d567cb
SHA1

547b2456b2610fad50f8fc377fbe2997ec915b47
SHA256

cbb167000ac0dc5afab2ed6d59a14b2fd63ead9768d1659ec8a654df47440fd7
SHA512

52ec5275919181baee2d4c7742c965a06fc65c219f505afae84c4592faaf1e62b1f5de05e9dacdf61745bf5016177f277a24b7133119ad3d57f80bf05a2e2524
SSDEEP

49152:h1OsFAxPqbaJ0CqWfTAeP20icuFMDoiXrBSdCIlE05XwjXr31:h1OaAxib7CqWfTAeP2vaDhtSdpA

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  cbb167000ac0dc5afab2ed6d59a14b2fd63ead9768d1659ec8a654df47440fd7
- Size
  
  2.1MB
- MD5
  
  0368070cdc053dd52ff0e84427d567cb
- SHA1
  
  547b2456b2610fad50f8fc377fbe2997ec915b47
- SHA256
  
  cbb167000ac0dc5afab2ed6d59a14b2fd63ead9768d1659ec8a654df47440fd7
- SHA512
  
  52ec5275919181baee2d4c7742c965a06fc65c219f505afae84c4592faaf1e62b1f5de05e9dacdf61745bf5016177f277a24b7133119ad3d57f80bf05a2e2524
- SSDEEP
  
  49152:h1OsFAxPqbaJ0CqWfTAeP20icuFMDoiXrBSdCIlE05XwjXr31:h1OaAxib7CqWfTAeP2vaDhtSdpA
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer