1d4cd66e02af223094ce705d9f40e5da4e74bf3cb9098667c0fe5def28b6efd0 | Triage

Submit
Reports

Overview

overview

8

Static

static

1d4cd66e02...d0.exe

windows7-x64

8

1d4cd66e02...d0.exe

windows10-2004-x64

8

Sharing

General

Target

1d4cd66e02af223094ce705d9f40e5da4e74bf3cb9098667c0fe5def28b6efd0
Size

4.2MB
Sample

221124-j9t86sea9t
MD5

6371da6e6d91434bb5b6b6d79625bb55
SHA1

531e4b220678dd9dda65d072c5b71d4d4bc44db5
SHA256

1d4cd66e02af223094ce705d9f40e5da4e74bf3cb9098667c0fe5def28b6efd0
SHA512

293f48c8ae76ae93b2d15ca42b13d425bca5dd0faad8e0376c168a5dcee3f0a24625b9530c7f14f8bdadd42cb9f6476dd8523709c1aafe6d20506c8b9971f826
SSDEEP

98304:WIyGqt6UT0kSHaRxfyDIIbYJ372FeXKqyG+kevFrmKg:WOA0ARxfykkFZ

Score

8^/10

adware discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

1d4cd66e02af223094ce705d9f40e5da4e74bf3cb9098667c0fe5def28b6efd0.exe

Resource

win7-20220812-en

adware discovery persistence spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

1d4cd66e02af223094ce705d9f40e5da4e74bf3cb9098667c0fe5def28b6efd0.exe

Resource

win10v2004-20220812-en

adware discovery persistence spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  1d4cd66e02af223094ce705d9f40e5da4e74bf3cb9098667c0fe5def28b6efd0
- Size
  
  4.2MB
- MD5
  
  6371da6e6d91434bb5b6b6d79625bb55
- SHA1
  
  531e4b220678dd9dda65d072c5b71d4d4bc44db5
- SHA256
  
  1d4cd66e02af223094ce705d9f40e5da4e74bf3cb9098667c0fe5def28b6efd0
- SHA512
  
  293f48c8ae76ae93b2d15ca42b13d425bca5dd0faad8e0376c168a5dcee3f0a24625b9530c7f14f8bdadd42cb9f6476dd8523709c1aafe6d20506c8b9971f826
- SSDEEP
  
  98304:WIyGqt6UT0kSHaRxfyDIIbYJ372FeXKqyG+kevFrmKg:WOA0ARxfykkFZ
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy