1414750ba47c298124a369a60841cced8ef3f76392dcdd6b291e4d239af1070f | Triage

Sharing

General

Target

1414750ba47c298124a369a60841cced8ef3f76392dcdd6b291e4d239af1070f
Size

4.1MB
Sample

221124-mcr94abb3t
MD5

d8ee517b0233a8b94a5661662090f7b1
SHA1

41bb413c38615bc5dd9145f78631e38eac093aff
SHA256

1414750ba47c298124a369a60841cced8ef3f76392dcdd6b291e4d239af1070f
SHA512

efdc55b5ccb9c2b86b264229dde3b9e3db68f642558bd180817b4781330364310673150d4e122c0dabd3c7a4d030152d35104132ab5390ab89e8c491f88ef9e9
SSDEEP

49152:xcPmW7JVYzD2ZjQBCA0wEJVnfwZU5BcumYuXPYefftBClHvrZp4w/PMtn8NE3I9W:xsmyc2CMJuNlBCVv1ppPMtEE3IhJ

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  1414750ba47c298124a369a60841cced8ef3f76392dcdd6b291e4d239af1070f
- Size
  
  4.1MB
- MD5
  
  d8ee517b0233a8b94a5661662090f7b1
- SHA1
  
  41bb413c38615bc5dd9145f78631e38eac093aff
- SHA256
  
  1414750ba47c298124a369a60841cced8ef3f76392dcdd6b291e4d239af1070f
- SHA512
  
  efdc55b5ccb9c2b86b264229dde3b9e3db68f642558bd180817b4781330364310673150d4e122c0dabd3c7a4d030152d35104132ab5390ab89e8c491f88ef9e9
- SSDEEP
  
  49152:xcPmW7JVYzD2ZjQBCA0wEJVnfwZU5BcumYuXPYefftBClHvrZp4w/PMtn8NE3I9W:xsmyc2CMJuNlBCVv1ppPMtEE3IhJ
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer