9ff6c0ee15a5bef2a2e27b81f17a70b4256c4f45cc0e3eb453a462c0e4a94281 | Triage

Sharing

General

Target

9ff6c0ee15a5bef2a2e27b81f17a70b4256c4f45cc0e3eb453a462c0e4a94281
Size

4.1MB
Sample

221125-h61fcaeb5x
MD5

259693b1e2b96a13b45ba309975081c9
SHA1

fc39938b3e37cca646c8ffac656556b4a629958a
SHA256

9ff6c0ee15a5bef2a2e27b81f17a70b4256c4f45cc0e3eb453a462c0e4a94281
SHA512

cf9e456e7d68bc72e78b9c0e12325273e9e798a91e2269a0ff9c3fd8f3b37e30684e2d720739cb74c8aeaeda279b51178efd437f245091d85d74b254047adec5
SSDEEP

98304:xuoi5tP8qj/LT7MCAbPcUEceDfAxtUR+nCysl7YgotOts9QY6HO7n2352qzUQBG0:IoiTPdLqEc5+S

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  9ff6c0ee15a5bef2a2e27b81f17a70b4256c4f45cc0e3eb453a462c0e4a94281
- Size
  
  4.1MB
- MD5
  
  259693b1e2b96a13b45ba309975081c9
- SHA1
  
  fc39938b3e37cca646c8ffac656556b4a629958a
- SHA256
  
  9ff6c0ee15a5bef2a2e27b81f17a70b4256c4f45cc0e3eb453a462c0e4a94281
- SHA512
  
  cf9e456e7d68bc72e78b9c0e12325273e9e798a91e2269a0ff9c3fd8f3b37e30684e2d720739cb74c8aeaeda279b51178efd437f245091d85d74b254047adec5
- SSDEEP
  
  98304:xuoi5tP8qj/LT7MCAbPcUEceDfAxtUR+nCysl7YgotOts9QY6HO7n2352qzUQBG0:IoiTPdLqEc5+S
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer