980f8a56ade84757d7934dec18706b91cc8c9f226a3c9953001ad4dfc92390bc | Triage

Sharing

General

Target

980f8a56ade84757d7934dec18706b91cc8c9f226a3c9953001ad4dfc92390bc
Size

4.4MB
Sample

221124-1sgeesbg94
MD5

b7f3d23016b1e4f71350a78ee8168920
SHA1

a2155bb0fa72c47d25ba3c4245557d84f8f12b38
SHA256

980f8a56ade84757d7934dec18706b91cc8c9f226a3c9953001ad4dfc92390bc
SHA512

efa7368b249d79b34f373ebda50bcf07c06df4626dcfdef516e1ab64097a6bdce625f97e410eeca4be431eba9f8eb460f7078d8d9485c88c3c00bf2b01d0208a
SSDEEP

49152:OW80dm9/XOUkRx9zxup4NvppWmD/M2BKQlmPXGIjQrDZ8hpTQd/t:h09/z6xhvpp1D/EP2iQPZspsd/

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  980f8a56ade84757d7934dec18706b91cc8c9f226a3c9953001ad4dfc92390bc
- Size
  
  4.4MB
- MD5
  
  b7f3d23016b1e4f71350a78ee8168920
- SHA1
  
  a2155bb0fa72c47d25ba3c4245557d84f8f12b38
- SHA256
  
  980f8a56ade84757d7934dec18706b91cc8c9f226a3c9953001ad4dfc92390bc
- SHA512
  
  efa7368b249d79b34f373ebda50bcf07c06df4626dcfdef516e1ab64097a6bdce625f97e410eeca4be431eba9f8eb460f7078d8d9485c88c3c00bf2b01d0208a
- SSDEEP
  
  49152:OW80dm9/XOUkRx9zxup4NvppWmD/M2BKQlmPXGIjQrDZ8hpTQd/t:h09/z6xhvpp1D/EP2iQPZspsd/
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer