ff71dd00472e61bad38e00a9d60325b4cee792eb189f444049a060e048cda153 | Triage

Sharing

General

Target

ff71dd00472e61bad38e00a9d60325b4cee792eb189f444049a060e048cda153
Size

2.5MB
Sample

221124-tvaakafa25
MD5

118315f044720690ff524a765078f321
SHA1

089fd80df7133b98d090af056d84354a16506089
SHA256

ff71dd00472e61bad38e00a9d60325b4cee792eb189f444049a060e048cda153
SHA512

246734c1f8236fd7773a3f81adf9eec7e29fe570e1bf37b49d922990d1d50bfa9083123ddc4ff2c2af1bb5ab1387ca3348b1bdc045ff2562f7ea607207025364
SSDEEP

49152:h1Os/+QK3xQpjajXKioFMpYphqd3ArqvFUmEaDxEAxh4UR9TEH:h1OfQCjbKioVg3ArKh40e

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  ff71dd00472e61bad38e00a9d60325b4cee792eb189f444049a060e048cda153
- Size
  
  2.5MB
- MD5
  
  118315f044720690ff524a765078f321
- SHA1
  
  089fd80df7133b98d090af056d84354a16506089
- SHA256
  
  ff71dd00472e61bad38e00a9d60325b4cee792eb189f444049a060e048cda153
- SHA512
  
  246734c1f8236fd7773a3f81adf9eec7e29fe570e1bf37b49d922990d1d50bfa9083123ddc4ff2c2af1bb5ab1387ca3348b1bdc045ff2562f7ea607207025364
- SSDEEP
  
  49152:h1Os/+QK3xQpjajXKioFMpYphqd3ArqvFUmEaDxEAxh4UR9TEH:h1OfQCjbKioVg3ArKh40e
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer