102434e5955a45b41a1211452280e6239b0cff29980b69d81f26affc7a83db63 | Triage

Sharing

General

Target

102434e5955a45b41a1211452280e6239b0cff29980b69d81f26affc7a83db63
Size

2.1MB
Sample

221124-gvs2fsge21
MD5

bdb303d2d436060129d6c424aac18aca
SHA1

72ce1da78a12f5007e0f4fef04072712ef8b9d66
SHA256

102434e5955a45b41a1211452280e6239b0cff29980b69d81f26affc7a83db63
SHA512

e999e60d090badf1f36c650d72c0562b8c76d7693d8591364d83292e42bb9c57d550ec0a230dc14fd83acb930766a888ce2d974170e237022671399dfffcdb86
SSDEEP

24576:h1OYdaORTwLleYkTVug2PiL0jHM8WK5z6Sh19BUfOD4XRt1otyBNvJvMXzGK5IhH:h1OscLARTQ9PimJWtShQnvQsruW

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  102434e5955a45b41a1211452280e6239b0cff29980b69d81f26affc7a83db63
- Size
  
  2.1MB
- MD5
  
  bdb303d2d436060129d6c424aac18aca
- SHA1
  
  72ce1da78a12f5007e0f4fef04072712ef8b9d66
- SHA256
  
  102434e5955a45b41a1211452280e6239b0cff29980b69d81f26affc7a83db63
- SHA512
  
  e999e60d090badf1f36c650d72c0562b8c76d7693d8591364d83292e42bb9c57d550ec0a230dc14fd83acb930766a888ce2d974170e237022671399dfffcdb86
- SSDEEP
  
  24576:h1OYdaORTwLleYkTVug2PiL0jHM8WK5z6Sh19BUfOD4XRt1otyBNvJvMXzGK5IhH:h1OscLARTQ9PimJWtShQnvQsruW
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer