3c9fb9cce6f3ffeaa5c98f25401767e5b10f7345189e060e6ba8696de07026f0 | Triage

Sharing

General

Target

3c9fb9cce6f3ffeaa5c98f25401767e5b10f7345189e060e6ba8696de07026f0
Size

2.1MB
Sample

221123-v1chjsdd9s
MD5

25674874aa85437b8f407044b5ef8118
SHA1

421cf3233a068f7b4dbdb9a90e05025f3a52f81b
SHA256

3c9fb9cce6f3ffeaa5c98f25401767e5b10f7345189e060e6ba8696de07026f0
SHA512

d00446fcd10c284354b61a1fafedb174b0ad5f6d5496664e97c04b34295577d328fa5ad9268386c6da3e0c390532b03b0509f28aedb13ecb21907e1a25f41184
SSDEEP

49152:h1OsbAxPqbaJ0CqWfTAeP20icuFMDoiXrBSdCIlE05XwjXr3e:h1OyAxib7CqWfTAeP2vaDhtSdpF

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  3c9fb9cce6f3ffeaa5c98f25401767e5b10f7345189e060e6ba8696de07026f0
- Size
  
  2.1MB
- MD5
  
  25674874aa85437b8f407044b5ef8118
- SHA1
  
  421cf3233a068f7b4dbdb9a90e05025f3a52f81b
- SHA256
  
  3c9fb9cce6f3ffeaa5c98f25401767e5b10f7345189e060e6ba8696de07026f0
- SHA512
  
  d00446fcd10c284354b61a1fafedb174b0ad5f6d5496664e97c04b34295577d328fa5ad9268386c6da3e0c390532b03b0509f28aedb13ecb21907e1a25f41184
- SSDEEP
  
  49152:h1OsbAxPqbaJ0CqWfTAeP20icuFMDoiXrBSdCIlE05XwjXr3e:h1OyAxib7CqWfTAeP2vaDhtSdpF
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer