ed5e4ac76e01d5c9a327d5e3fa06737df43a62d538a28c19b23b7f39a18bc989 | Triage

Submit
Reports

Overview

overview

8

Static

static

ed5e4ac76e...89.exe

windows7-x64

8

ed5e4ac76e...89.exe

windows10-2004-x64

8

Sharing

General

Target

ed5e4ac76e01d5c9a327d5e3fa06737df43a62d538a28c19b23b7f39a18bc989
Size

3.8MB
Sample

221125-hl165scf4s
MD5

0c84b613573bcd8f0eb5400ce88bc667
SHA1

54dab937f79ebd5baf09d7cca08a76957495a0eb
SHA256

ed5e4ac76e01d5c9a327d5e3fa06737df43a62d538a28c19b23b7f39a18bc989
SHA512

8021e8674d9d16283e845c06d0b773357d080db36891ed5685fa5f57271b637f714d803ced7e57b77efbba5d0c750016136fc1e6c25296cafbbcbae6147edbcc
SSDEEP

98304:PCVoKYQbbJNlgCgdU+gFmKUULZJLqL7kAEpEGT0AJ7t9LVvranzpfaZ:koKP3JN/+aT9+nzp

Score

8^/10

adware discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ed5e4ac76e01d5c9a327d5e3fa06737df43a62d538a28c19b23b7f39a18bc989.exe

Resource

win7-20220901-en

adware discovery persistence spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ed5e4ac76e01d5c9a327d5e3fa06737df43a62d538a28c19b23b7f39a18bc989.exe

Resource

win10v2004-20220901-en

adware discovery persistence spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  ed5e4ac76e01d5c9a327d5e3fa06737df43a62d538a28c19b23b7f39a18bc989
- Size
  
  3.8MB
- MD5
  
  0c84b613573bcd8f0eb5400ce88bc667
- SHA1
  
  54dab937f79ebd5baf09d7cca08a76957495a0eb
- SHA256
  
  ed5e4ac76e01d5c9a327d5e3fa06737df43a62d538a28c19b23b7f39a18bc989
- SHA512
  
  8021e8674d9d16283e845c06d0b773357d080db36891ed5685fa5f57271b637f714d803ced7e57b77efbba5d0c750016136fc1e6c25296cafbbcbae6147edbcc
- SSDEEP
  
  98304:PCVoKYQbbJNlgCgdU+gFmKUULZJLqL7kAEpEGT0AJ7t9LVvranzpfaZ:koKP3JN/+aT9+nzp
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy