1f1d8b99732b4ca18486cbc421edcc2ff31fd220bf47e6d15d792f9e761e3ff4 | Triage

Sharing

General

Target

1f1d8b99732b4ca18486cbc421edcc2ff31fd220bf47e6d15d792f9e761e3ff4
Size

4.4MB
Sample

221125-epdcpsdh2w
MD5

eea366b0a834598a4d2d2826d2b3b650
SHA1

5deba34b27ed1799790f3657e7f59243b408e3af
SHA256

1f1d8b99732b4ca18486cbc421edcc2ff31fd220bf47e6d15d792f9e761e3ff4
SHA512

2b6040772dbbf6499e94e03287f9b24503d5987397d2fceea3bc961dbb32e9e4d48cef8d346590d0a57b680472375dfc8c73afe775ab4e92af3591da60d0276e
SSDEEP

49152:Ac8UN8bPQAjUcBdUxup4m6MUwppWmD/M2BKQl1c7SKpjSlM/Zf0weeDNxYh:FKbPXnBAwpp1D/Q7SKpj8MNtLNxY

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  1f1d8b99732b4ca18486cbc421edcc2ff31fd220bf47e6d15d792f9e761e3ff4
- Size
  
  4.4MB
- MD5
  
  eea366b0a834598a4d2d2826d2b3b650
- SHA1
  
  5deba34b27ed1799790f3657e7f59243b408e3af
- SHA256
  
  1f1d8b99732b4ca18486cbc421edcc2ff31fd220bf47e6d15d792f9e761e3ff4
- SHA512
  
  2b6040772dbbf6499e94e03287f9b24503d5987397d2fceea3bc961dbb32e9e4d48cef8d346590d0a57b680472375dfc8c73afe775ab4e92af3591da60d0276e
- SSDEEP
  
  49152:Ac8UN8bPQAjUcBdUxup4m6MUwppWmD/M2BKQl1c7SKpjSlM/Zf0weeDNxYh:FKbPXnBAwpp1D/Q7SKpj8MNtLNxY
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer