0767593ce0b80ebce4eedf8e7f862f2cdbb26434f75898712acfe57a7eabb206 | Triage

Sharing

General

Target

0767593ce0b80ebce4eedf8e7f862f2cdbb26434f75898712acfe57a7eabb206
Size

4.1MB
Sample

221125-fzhwlsdd53
MD5

27744e6ef937da563287af35ea3233f7
SHA1

a56243b3d44122e5edf37e3387e370c0452290df
SHA256

0767593ce0b80ebce4eedf8e7f862f2cdbb26434f75898712acfe57a7eabb206
SHA512

29888e1931da8c1c5e0a788a6997beefa6f42c569dd973bd0a5caebd03d8b0fcd59b168ae57ed0a407c7dc893916e46fa60fcbde29054c9515a2d6cc5d9e55cc
SSDEEP

49152:thPmCbb2GwxmyjQpyA0wX8FnfwZU5BcumFKbUT9FiouwRO8jsnHsiLw8LQrlx:tZm7bmPP8SKb6RugO8C/LwrR

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  0767593ce0b80ebce4eedf8e7f862f2cdbb26434f75898712acfe57a7eabb206
- Size
  
  4.1MB
- MD5
  
  27744e6ef937da563287af35ea3233f7
- SHA1
  
  a56243b3d44122e5edf37e3387e370c0452290df
- SHA256
  
  0767593ce0b80ebce4eedf8e7f862f2cdbb26434f75898712acfe57a7eabb206
- SHA512
  
  29888e1931da8c1c5e0a788a6997beefa6f42c569dd973bd0a5caebd03d8b0fcd59b168ae57ed0a407c7dc893916e46fa60fcbde29054c9515a2d6cc5d9e55cc
- SSDEEP
  
  49152:thPmCbb2GwxmyjQpyA0wX8FnfwZU5BcumFKbUT9FiouwRO8jsnHsiLw8LQrlx:tZm7bmPP8SKb6RugO8C/LwrR
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer