Overview

overview

8

Static

static

1c2cdf6194...bd.exe

windows7-x64

8

1c2cdf6194...bd.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c2cdf6194e88e2da2aca72b8154f6e4eb6cf31c9b8ecfe630dd9e2ec89d6bbd

  • Size

    3.8MB

  • Sample

    221125-ygz2aadh7w

  • MD5

    8e319bb42fd7359fe122f094eeddc3cd

  • SHA1

    1ab9ac0143d1172faff87fadcb764d5c1dad1af2

  • SHA256

    1c2cdf6194e88e2da2aca72b8154f6e4eb6cf31c9b8ecfe630dd9e2ec89d6bbd

  • SHA512

    645f974f1704b9ecd9b8325cff130f2207e9be39c03087fa96a562653bf740a535afdb5094eac46b725697d3d8bb6afbc53098383c5bfe21278c65a8ae272e52

  • SSDEEP

    98304:9iYePkfbFp1Ce1BW+MTbk++V6v70zejG6fCxr22sr5WYC1/qNiPcqZ/uFvYaDglc:wkfDmplYm

Score
8/10
adwarediscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      1c2cdf6194e88e2da2aca72b8154f6e4eb6cf31c9b8ecfe630dd9e2ec89d6bbd

    • Size

      3.8MB

    • MD5

      8e319bb42fd7359fe122f094eeddc3cd

    • SHA1

      1ab9ac0143d1172faff87fadcb764d5c1dad1af2

    • SHA256

      1c2cdf6194e88e2da2aca72b8154f6e4eb6cf31c9b8ecfe630dd9e2ec89d6bbd

    • SHA512

      645f974f1704b9ecd9b8325cff130f2207e9be39c03087fa96a562653bf740a535afdb5094eac46b725697d3d8bb6afbc53098383c5bfe21278c65a8ae272e52

    • SSDEEP

      98304:9iYePkfbFp1Ce1BW+MTbk++V6v70zejG6fCxr22sr5WYC1/qNiPcqZ/uFvYaDglc:wkfDmplYm

    Score
    8/10
    adwarediscoverypersistencespywarestealer

    • Registers COM server for autorun

      persistence

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks