08544f4ea92ce2ee9631ee5f1d9b60e27693049ff1fece6b051cda0fd3b786cd | Triage

Sharing

General

Target

08544f4ea92ce2ee9631ee5f1d9b60e27693049ff1fece6b051cda0fd3b786cd
Size

2.1MB
Sample

221125-yhb1vadh9y
MD5

d9819139a8a55adcda8beb3f1add0e20
SHA1

4e096214d83034bfb4cf5d1f01a84f8c1b4b0cf9
SHA256

08544f4ea92ce2ee9631ee5f1d9b60e27693049ff1fece6b051cda0fd3b786cd
SHA512

d81aef1be1376d44b4d6c40735b760050b897bcc25df2f8c3477d8d6bf8d55430ac20101b8e04f651ab2580af7a59f3da50edc22fb7322ac0caf8aee5440bf13
SSDEEP

24576:h1OYdaO47QJkxGYNiu6+HRxMBMBtqCnd2Hoi1FLVHHD6gwDxvbZmPw5wea5nYGO:h1OsjGGYj/MOpd2H1BVgmPJ1nJO

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  08544f4ea92ce2ee9631ee5f1d9b60e27693049ff1fece6b051cda0fd3b786cd
- Size
  
  2.1MB
- MD5
  
  d9819139a8a55adcda8beb3f1add0e20
- SHA1
  
  4e096214d83034bfb4cf5d1f01a84f8c1b4b0cf9
- SHA256
  
  08544f4ea92ce2ee9631ee5f1d9b60e27693049ff1fece6b051cda0fd3b786cd
- SHA512
  
  d81aef1be1376d44b4d6c40735b760050b897bcc25df2f8c3477d8d6bf8d55430ac20101b8e04f651ab2580af7a59f3da50edc22fb7322ac0caf8aee5440bf13
- SSDEEP
  
  24576:h1OYdaO47QJkxGYNiu6+HRxMBMBtqCnd2Hoi1FLVHHD6gwDxvbZmPw5wea5nYGO:h1OsjGGYj/MOpd2H1BVgmPJ1nJO
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer