Overview

overview

8

Static

static

c9087aa251...df.exe

windows7-x64

8

c9087aa251...df.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c9087aa2515ea00be81e3ff005c04ac2088d2afdae470a3531084dfa83f870df

  • Size

    2.5MB

  • Sample

    221124-x2zqksdg48

  • MD5

    dacbe2042497ff945f975aa52cd5a08a

  • SHA1

    9ed01083a59beecc8c72713953cab6bd6f4156ad

  • SHA256

    c9087aa2515ea00be81e3ff005c04ac2088d2afdae470a3531084dfa83f870df

  • SHA512

    5ccf66588a92e4f863bc5b67e213cb30993a495d57dacb17df78125f3622113f215b1f97fcc1fa4daf55f393536160357b8d645f57a5160bac69427a236408de

  • SSDEEP

    49152:h1OstPHVmVhYwiLtKkKyW4nFU0I+NP/f7I3lMOaYjdxvL0Hd:h1OwHVl71RnFXINxvc

Score
8/10
adwarediscoveryspywarestealer

Malware Config

Targets

    • Target

      c9087aa2515ea00be81e3ff005c04ac2088d2afdae470a3531084dfa83f870df

    • Size

      2.5MB

    • MD5

      dacbe2042497ff945f975aa52cd5a08a

    • SHA1

      9ed01083a59beecc8c72713953cab6bd6f4156ad

    • SHA256

      c9087aa2515ea00be81e3ff005c04ac2088d2afdae470a3531084dfa83f870df

    • SHA512

      5ccf66588a92e4f863bc5b67e213cb30993a495d57dacb17df78125f3622113f215b1f97fcc1fa4daf55f393536160357b8d645f57a5160bac69427a236408de

    • SSDEEP

      49152:h1OstPHVmVhYwiLtKkKyW4nFU0I+NP/f7I3lMOaYjdxvL0Hd:h1OwHVl71RnFXINxvc

    Score
    8/10
    adwarediscoveryspywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks