39b2fbb0509e4a62013111d16358d7d6c3f06b2466b0c80354e0dfa54bc9569c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39b2fbb0509e4a62013111d16358d7d6c3f06b2466b0c80354e0dfa54bc9569c
Size

2.1MB
Sample

221125-sgfpraae2v
MD5

5529ad8afa5ffa173ab9c433772d7d8f
SHA1

0fe8a40b5a4b6c5d9f1d13cb6fd4aab72b00058c
SHA256

39b2fbb0509e4a62013111d16358d7d6c3f06b2466b0c80354e0dfa54bc9569c
SHA512

95792ddadb518951e8bca0529bcee0ce8ea8f7fe0de4e48559cd655eca2b0cd0df959d5ed5af08672359a14b66e3c319945ff764bf7843d8fa4081c8b46f1931
SSDEEP

24576:h1OYdaOxidvpcWU0nkjpTu1aiwB+JtP2ItjRwcOHx0pFz8rrqbk8250uj5rc6bJi:h1OsW5/nkFTZaPPRwTR0ptyI2q8jbJGL

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  39b2fbb0509e4a62013111d16358d7d6c3f06b2466b0c80354e0dfa54bc9569c
- Size
  
  2.1MB
- MD5
  
  5529ad8afa5ffa173ab9c433772d7d8f
- SHA1
  
  0fe8a40b5a4b6c5d9f1d13cb6fd4aab72b00058c
- SHA256
  
  39b2fbb0509e4a62013111d16358d7d6c3f06b2466b0c80354e0dfa54bc9569c
- SHA512
  
  95792ddadb518951e8bca0529bcee0ce8ea8f7fe0de4e48559cd655eca2b0cd0df959d5ed5af08672359a14b66e3c319945ff764bf7843d8fa4081c8b46f1931
- SSDEEP
  
  24576:h1OYdaOxidvpcWU0nkjpTu1aiwB+JtP2ItjRwcOHx0pFz8rrqbk8250uj5rc6bJi:h1OsW5/nkFTZaPPRwTR0ptyI2q8jbJGL
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer