37d2cf0a8b34ace5f876c67d64bd1bcf75f5b4de463c53289cbd1a1bdf497ab1 | Triage

Sharing

General

Target

37d2cf0a8b34ace5f876c67d64bd1bcf75f5b4de463c53289cbd1a1bdf497ab1
Size

4.1MB
Sample

221124-n3hzsafb3z
MD5

872a8daf91eaca8e0b952491032c5d82
SHA1

40a18ed5af07597f6bdb0df6d3154135052d766a
SHA256

37d2cf0a8b34ace5f876c67d64bd1bcf75f5b4de463c53289cbd1a1bdf497ab1
SHA512

1289f92ab11508f5e35cbbeef015d0fd6e530b95ef42d0a4c9e1567f5b3a7195f9d6bef9d058483332f96301a67e4ec895b701c5a42354889cfb3fff0bfb2fcd
SSDEEP

49152:YcNm5RqPthUYJj8BWA0wEJVnfwZU5BcumGqLHvrZp7WO3ATPejo:YumscYuwJ5qjv1p7WOwbk

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  37d2cf0a8b34ace5f876c67d64bd1bcf75f5b4de463c53289cbd1a1bdf497ab1
- Size
  
  4.1MB
- MD5
  
  872a8daf91eaca8e0b952491032c5d82
- SHA1
  
  40a18ed5af07597f6bdb0df6d3154135052d766a
- SHA256
  
  37d2cf0a8b34ace5f876c67d64bd1bcf75f5b4de463c53289cbd1a1bdf497ab1
- SHA512
  
  1289f92ab11508f5e35cbbeef015d0fd6e530b95ef42d0a4c9e1567f5b3a7195f9d6bef9d058483332f96301a67e4ec895b701c5a42354889cfb3fff0bfb2fcd
- SSDEEP
  
  49152:YcNm5RqPthUYJj8BWA0wEJVnfwZU5BcumGqLHvrZp7WO3ATPejo:YumscYuwJ5qjv1p7WOwbk
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer