de26ced93891342e08fbf7b77036430eaaaf0eb1513ce1f25cef07d0e35542ac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de26ced93891342e08fbf7b77036430eaaaf0eb1513ce1f25cef07d0e35542ac
Size

2.1MB
Sample

221125-yrzhhabg82
MD5

6b8fac3fecd277c21d95f12429f71062
SHA1

80c2f4034da7a4fa4edeab228dfbc85ebbaaaec0
SHA256

de26ced93891342e08fbf7b77036430eaaaf0eb1513ce1f25cef07d0e35542ac
SHA512

847ce9a43b66fab2eb17802748cbb16aa97e06bafd580503386b13faf7129fe9ca75562d2aad5c3ce0303f83512e598d165cb416b49286dbf3f548503153d725
SSDEEP

24576:h1OYdaOXzoi5Fm2qmA+L4zKWQt0moNdqNFSj8y0j9jtaJB5ZuUUr2YGnEQ/VfV3:h1Os9mLmVJWQt0mozqW78bSVfV3

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  de26ced93891342e08fbf7b77036430eaaaf0eb1513ce1f25cef07d0e35542ac
- Size
  
  2.1MB
- MD5
  
  6b8fac3fecd277c21d95f12429f71062
- SHA1
  
  80c2f4034da7a4fa4edeab228dfbc85ebbaaaec0
- SHA256
  
  de26ced93891342e08fbf7b77036430eaaaf0eb1513ce1f25cef07d0e35542ac
- SHA512
  
  847ce9a43b66fab2eb17802748cbb16aa97e06bafd580503386b13faf7129fe9ca75562d2aad5c3ce0303f83512e598d165cb416b49286dbf3f548503153d725
- SSDEEP
  
  24576:h1OYdaOXzoi5Fm2qmA+L4zKWQt0moNdqNFSj8y0j9jtaJB5ZuUUr2YGnEQ/VfV3:h1Os9mLmVJWQt0mozqW78bSVfV3
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2