55be76be266487c45ca2ec62adc25bb94ce1325e4e020d7144f048e4486dfe08 | Triage

Sharing

General

Target

55be76be266487c45ca2ec62adc25bb94ce1325e4e020d7144f048e4486dfe08
Size

3.5MB
Sample

221125-jqs7rscb26
MD5

64a199f0f67728df7e208c55038d52e1
SHA1

784e1efcfca60ca342fe1fb65e26274526e675ac
SHA256

55be76be266487c45ca2ec62adc25bb94ce1325e4e020d7144f048e4486dfe08
SHA512

d004117a550bddb54615a02bb289f399c5c1980a3c53cc387a1d84a10abce8de72cc98a42f17c11888b96c0ca329e9934e0f81f0d7152e3d95aa227d9899bd5d
SSDEEP

98304:Rs8rk84c45JON8PZUdfpfu9AU7F/a6oyjZQhaursFmaW9MD6uY++y0GTd5zBQZ+4:RHr14f+ePZUjYMyK24

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  55be76be266487c45ca2ec62adc25bb94ce1325e4e020d7144f048e4486dfe08
- Size
  
  3.5MB
- MD5
  
  64a199f0f67728df7e208c55038d52e1
- SHA1
  
  784e1efcfca60ca342fe1fb65e26274526e675ac
- SHA256
  
  55be76be266487c45ca2ec62adc25bb94ce1325e4e020d7144f048e4486dfe08
- SHA512
  
  d004117a550bddb54615a02bb289f399c5c1980a3c53cc387a1d84a10abce8de72cc98a42f17c11888b96c0ca329e9934e0f81f0d7152e3d95aa227d9899bd5d
- SSDEEP
  
  98304:Rs8rk84c45JON8PZUdfpfu9AU7F/a6oyjZQhaursFmaW9MD6uY++y0GTd5zBQZ+4:RHr14f+ePZUjYMyK24
Score

8^/10

adware discovery persistence spyware stealer
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer