0c17dc1c6e2deee827be63a946a8b28b4815fe23513ed42f807ca7c62ab684ec | Triage

Submit
Reports

Overview

overview

8

Static

static

0c17dc1c6e...ec.exe

windows7-x64

8

0c17dc1c6e...ec.exe

windows10-2004-x64

8

Sharing

General

Target

0c17dc1c6e2deee827be63a946a8b28b4815fe23513ed42f807ca7c62ab684ec
Size

4.4MB
Sample

221125-fq6lbach53
MD5

348c0c585452e9db274178166e2be34f
SHA1

dada50fb25005597580fe0e25001ed24fbca4b5b
SHA256

0c17dc1c6e2deee827be63a946a8b28b4815fe23513ed42f807ca7c62ab684ec
SHA512

3a5de59e1f6a2ebf1c12c0b8dd71699a2b67502c280044ebf80f786ab08c4a9bb96c741cb0585493b85d4e7df5708754ac04f900499f28c964d0b71bd5757a02
SSDEEP

49152:m9aK6zTouxmBF0HDxup40+gppWmD/M2BKQl0c7SKuZ8hpTQdQB:4wToXj0wpp1D/v7SKuZspsdQ

Score

8^/10

adware discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

0c17dc1c6e2deee827be63a946a8b28b4815fe23513ed42f807ca7c62ab684ec.exe

Resource

win7-20221111-en

adware discovery persistence spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

0c17dc1c6e2deee827be63a946a8b28b4815fe23513ed42f807ca7c62ab684ec.exe

Resource

win10v2004-20221111-en

adware discovery persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  0c17dc1c6e2deee827be63a946a8b28b4815fe23513ed42f807ca7c62ab684ec
- Size
  
  4.4MB
- MD5
  
  348c0c585452e9db274178166e2be34f
- SHA1
  
  dada50fb25005597580fe0e25001ed24fbca4b5b
- SHA256
  
  0c17dc1c6e2deee827be63a946a8b28b4815fe23513ed42f807ca7c62ab684ec
- SHA512
  
  3a5de59e1f6a2ebf1c12c0b8dd71699a2b67502c280044ebf80f786ab08c4a9bb96c741cb0585493b85d4e7df5708754ac04f900499f28c964d0b71bd5757a02
- SSDEEP
  
  49152:m9aK6zTouxmBF0HDxup40+gppWmD/M2BKQl0c7SKuZ8hpTQdQB:4wToXj0wpp1D/v7SKuZspsdQ
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy