a9fb9336ffc04f056751fcbae0809cf82cb06bdb3af7e5d30e7b4ebca4fe5ecb | Triage

Sharing

General

Target

a9fb9336ffc04f056751fcbae0809cf82cb06bdb3af7e5d30e7b4ebca4fe5ecb
Size

4.4MB
Sample

221124-gndcesda67
MD5

0a4f81fe8b20685a716d7c21ef09f7c9
SHA1

fa723f920a8a0ca235a7ec600b126f294b6323e9
SHA256

a9fb9336ffc04f056751fcbae0809cf82cb06bdb3af7e5d30e7b4ebca4fe5ecb
SHA512

d1939f6137b8ba4516eef7554821d468ecf13c0143a8a581a06e6c5a3268a5a62c39a14fd4482a420a41a3be6c28c2229d0a9565f661447e136333a50f763499
SSDEEP

49152:zW80dm9/XOUkRx9zxup44gLptOyCzP5jyPXGIjQgyoC3yE/Ac5mWxnm5t:+09/z6xUkpthCzP5eP2iQvoWNAxeni

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  a9fb9336ffc04f056751fcbae0809cf82cb06bdb3af7e5d30e7b4ebca4fe5ecb
- Size
  
  4.4MB
- MD5
  
  0a4f81fe8b20685a716d7c21ef09f7c9
- SHA1
  
  fa723f920a8a0ca235a7ec600b126f294b6323e9
- SHA256
  
  a9fb9336ffc04f056751fcbae0809cf82cb06bdb3af7e5d30e7b4ebca4fe5ecb
- SHA512
  
  d1939f6137b8ba4516eef7554821d468ecf13c0143a8a581a06e6c5a3268a5a62c39a14fd4482a420a41a3be6c28c2229d0a9565f661447e136333a50f763499
- SSDEEP
  
  49152:zW80dm9/XOUkRx9zxup44gLptOyCzP5jyPXGIjQgyoC3yE/Ac5mWxnm5t:+09/z6xUkpthCzP5eP2iQvoWNAxeni
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer