33a40b39c2cb5837cf18a771b9ef12e0dd68752a1ce7f865bc3fac1c33bf2405 | Triage

Sharing

General

Target

33a40b39c2cb5837cf18a771b9ef12e0dd68752a1ce7f865bc3fac1c33bf2405
Size

4.4MB
Sample

221125-dh27tabb4s
MD5

71c2dd9ea657019062101b32fcc8a351
SHA1

a65648b049d2b6e5d8c0f8d5c4c3da4856b1576d
SHA256

33a40b39c2cb5837cf18a771b9ef12e0dd68752a1ce7f865bc3fac1c33bf2405
SHA512

5173a938ac3bddd3b40acb767de2dec67fefa76d2cccd85d10634b76026fbe2a1c012c492e95d38ed8ef92bc248ce42916fd3bbac14175446ac105edeb974051
SSDEEP

49152:MhuK4jmWrCBDT+qLmxup46dGKvghxfki17c7SKfjSlM/Zf0weeDNxLC:y2mWrKyqAKcW7SKfj8MNtLNxL

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  33a40b39c2cb5837cf18a771b9ef12e0dd68752a1ce7f865bc3fac1c33bf2405
- Size
  
  4.4MB
- MD5
  
  71c2dd9ea657019062101b32fcc8a351
- SHA1
  
  a65648b049d2b6e5d8c0f8d5c4c3da4856b1576d
- SHA256
  
  33a40b39c2cb5837cf18a771b9ef12e0dd68752a1ce7f865bc3fac1c33bf2405
- SHA512
  
  5173a938ac3bddd3b40acb767de2dec67fefa76d2cccd85d10634b76026fbe2a1c012c492e95d38ed8ef92bc248ce42916fd3bbac14175446ac105edeb974051
- SSDEEP
  
  49152:MhuK4jmWrCBDT+qLmxup46dGKvghxfki17c7SKfjSlM/Zf0weeDNxLC:y2mWrKyqAKcW7SKfj8MNtLNxL
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer