b290a371ec05c2194ab6f07ae8ae8a3d8958fdfa9efa7da820c453ec689261f8 | Triage

Sharing

General

Target

b290a371ec05c2194ab6f07ae8ae8a3d8958fdfa9efa7da820c453ec689261f8
Size

2.1MB
Sample

221124-fkaxfsde7z
MD5

8a19b2e00c37c605c0f0bd1bf61a963c
SHA1

2f3ac34d75f515c351bb5303a645a4df6c8e2c24
SHA256

b290a371ec05c2194ab6f07ae8ae8a3d8958fdfa9efa7da820c453ec689261f8
SHA512

90c1d9f3d1946e6876e3b41606ebe597ecea5730bba69c2d9732ed1af385068d28da1b904490b37bb1f5d58db5b5254accfb17bca28df3ae0d50692f04cfece5
SSDEEP

24576:h1OYdaODNVGiAEAd/KjjBKyu73i8mxcmMMV6zs+G/pC2d1RJoTJnQqphTuS2MD3W:h1Os4MAd/OxfV6zZGYg1RJQnFrTc2Sh

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  b290a371ec05c2194ab6f07ae8ae8a3d8958fdfa9efa7da820c453ec689261f8
- Size
  
  2.1MB
- MD5
  
  8a19b2e00c37c605c0f0bd1bf61a963c
- SHA1
  
  2f3ac34d75f515c351bb5303a645a4df6c8e2c24
- SHA256
  
  b290a371ec05c2194ab6f07ae8ae8a3d8958fdfa9efa7da820c453ec689261f8
- SHA512
  
  90c1d9f3d1946e6876e3b41606ebe597ecea5730bba69c2d9732ed1af385068d28da1b904490b37bb1f5d58db5b5254accfb17bca28df3ae0d50692f04cfece5
- SSDEEP
  
  24576:h1OYdaODNVGiAEAd/KjjBKyu73i8mxcmMMV6zs+G/pC2d1RJoTJnQqphTuS2MD3W:h1Os4MAd/OxfV6zZGYg1RJQnFrTc2Sh
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer