ad4becf1d6fef97521e285d76e4d9d7e2c7b0567b054b1fcb931a510b9ff728c | Triage

Sharing

General

Target

ad4becf1d6fef97521e285d76e4d9d7e2c7b0567b054b1fcb931a510b9ff728c
Size

931KB
Sample

221124-jg8abscc2x
MD5

34743fb951f378b8463b65c83fdd0b1f
SHA1

1f7d3c9b6b3358f8a80a0f5553b18da249b37bd8
SHA256

ad4becf1d6fef97521e285d76e4d9d7e2c7b0567b054b1fcb931a510b9ff728c
SHA512

ee785164f9e53dfd995acd12b7136060227ea2c842c0ea3cfe33b51a55a999b1123cdee2606bcc016dd4156f454da8ebb4b39d06d7cd0badb220b14ca2e6dc29
SSDEEP

24576:h1OYdaO7MWSUbvCXEQKSqGv8VWumF6RmcJozyPvpf+:h1OsVMWyUQ+GUVFIcHPvpf+

Score

8^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  ad4becf1d6fef97521e285d76e4d9d7e2c7b0567b054b1fcb931a510b9ff728c
- Size
  
  931KB
- MD5
  
  34743fb951f378b8463b65c83fdd0b1f
- SHA1
  
  1f7d3c9b6b3358f8a80a0f5553b18da249b37bd8
- SHA256
  
  ad4becf1d6fef97521e285d76e4d9d7e2c7b0567b054b1fcb931a510b9ff728c
- SHA512
  
  ee785164f9e53dfd995acd12b7136060227ea2c842c0ea3cfe33b51a55a999b1123cdee2606bcc016dd4156f454da8ebb4b39d06d7cd0badb220b14ca2e6dc29
- SSDEEP
  
  24576:h1OYdaO7MWSUbvCXEQKSqGv8VWumF6RmcJozyPvpf+:h1OsVMWyUQ+GUVFIcHPvpf+
Score

8^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer