4680e13c9cbbbcc4d909cb86bb3c6312881f6e52260590fe2d35da8cb0409cce | Triage

Sharing

General

Target

4680e13c9cbbbcc4d909cb86bb3c6312881f6e52260590fe2d35da8cb0409cce
Size

4.4MB
Sample

221125-cjtrdsdg52
MD5

5596dec42899c4485f1d0801eafc0e90
SHA1

fb71d6a2b87dbb99b08b1359beeb9d5cdf97bca3
SHA256

4680e13c9cbbbcc4d909cb86bb3c6312881f6e52260590fe2d35da8cb0409cce
SHA512

1413e7c005bb2f66e28c80b0ccdeead8b3ec876cccdc7a644156b630e7af76696c70eca505f3fadb4ff0e4a0c3c5e68a40c2b488ab91dfc4fe4c678179b2b8d5
SSDEEP

49152:SF80dsBKsu0Wcx9Uxup4jsgLptOyCzP5j/ec7SKZZ8hpTQdWW:QqBK+BxgskpthCzP57v7SKZZspsdW

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  4680e13c9cbbbcc4d909cb86bb3c6312881f6e52260590fe2d35da8cb0409cce
- Size
  
  4.4MB
- MD5
  
  5596dec42899c4485f1d0801eafc0e90
- SHA1
  
  fb71d6a2b87dbb99b08b1359beeb9d5cdf97bca3
- SHA256
  
  4680e13c9cbbbcc4d909cb86bb3c6312881f6e52260590fe2d35da8cb0409cce
- SHA512
  
  1413e7c005bb2f66e28c80b0ccdeead8b3ec876cccdc7a644156b630e7af76696c70eca505f3fadb4ff0e4a0c3c5e68a40c2b488ab91dfc4fe4c678179b2b8d5
- SSDEEP
  
  49152:SF80dsBKsu0Wcx9Uxup4jsgLptOyCzP5j/ec7SKZZ8hpTQdWW:QqBK+BxgskpthCzP57v7SKZZspsdW
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer