c0292da4f2a0af7393967a806f89db8129967da15c3e14feb142dd74d1bc426f | Triage

Sharing

General

Target

c0292da4f2a0af7393967a806f89db8129967da15c3e14feb142dd74d1bc426f
Size

2.5MB
Sample

221124-yj6a3shh9x
MD5

981540e5aadb8c7b3fc16383dee08218
SHA1

712465521c32774beb5a6a83b16fdb52498859a5
SHA256

c0292da4f2a0af7393967a806f89db8129967da15c3e14feb142dd74d1bc426f
SHA512

2c4f0064c56e956312a7f99d9e34f0c664b4fbc4865eab8ce54cc2c2e58514a322ce35db404d576daa8ea3c5b8e2269cfb47f781601289d03c4ca9cb025ca99b
SSDEEP

49152:h1OslSQeb71DLvFzAqRmyyVchO4apKHcHhXa3FXWlPC1IS5z0:h1OcSQY1DCqkck4apyLqb

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  c0292da4f2a0af7393967a806f89db8129967da15c3e14feb142dd74d1bc426f
- Size
  
  2.5MB
- MD5
  
  981540e5aadb8c7b3fc16383dee08218
- SHA1
  
  712465521c32774beb5a6a83b16fdb52498859a5
- SHA256
  
  c0292da4f2a0af7393967a806f89db8129967da15c3e14feb142dd74d1bc426f
- SHA512
  
  2c4f0064c56e956312a7f99d9e34f0c664b4fbc4865eab8ce54cc2c2e58514a322ce35db404d576daa8ea3c5b8e2269cfb47f781601289d03c4ca9cb025ca99b
- SSDEEP
  
  49152:h1OslSQeb71DLvFzAqRmyyVchO4apKHcHhXa3FXWlPC1IS5z0:h1OcSQY1DCqkck4apyLqb
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer