460e20c64492eb39388add56c70e5cdd3fd68683b9933e3d1e10f876fe894e95 | Triage

Sharing

General

Target

460e20c64492eb39388add56c70e5cdd3fd68683b9933e3d1e10f876fe894e95
Size

4.1MB
Sample

221124-lltzlsed54
MD5

fd1b0480ed2943345cf02c08d4f3f829
SHA1

6af852e53b8b7e049446cf9698107ac03fc72b9b
SHA256

460e20c64492eb39388add56c70e5cdd3fd68683b9933e3d1e10f876fe894e95
SHA512

622f2487f1e8536e3d542c555925c0a019943311c4d0fe546d69d36937a21692676a029ef66bedd2fd5f8ce1e2a80cf00e50ff644cb0f70fde5e913239bb24a6
SSDEEP

49152:9pYmvfKaT/SVDjsBVA0wzJunfwZU5BcumKuXPYefftBCCuw1lQmEbp7YuwlLw:96m9GVg8JbNlBCCuMDElZwR

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  460e20c64492eb39388add56c70e5cdd3fd68683b9933e3d1e10f876fe894e95
- Size
  
  4.1MB
- MD5
  
  fd1b0480ed2943345cf02c08d4f3f829
- SHA1
  
  6af852e53b8b7e049446cf9698107ac03fc72b9b
- SHA256
  
  460e20c64492eb39388add56c70e5cdd3fd68683b9933e3d1e10f876fe894e95
- SHA512
  
  622f2487f1e8536e3d542c555925c0a019943311c4d0fe546d69d36937a21692676a029ef66bedd2fd5f8ce1e2a80cf00e50ff644cb0f70fde5e913239bb24a6
- SSDEEP
  
  49152:9pYmvfKaT/SVDjsBVA0wzJunfwZU5BcumKuXPYefftBCCuw1lQmEbp7YuwlLw:96m9GVg8JbNlBCCuMDElZwR
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoverypersistencespywarestealer