d579e9320dd4d84c5a53b078278aeb4e5aefb922cc8e40b7b18a0a7eac46437a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d579e9320dd4d84c5a53b078278aeb4e5aefb922cc8e40b7b18a0a7eac46437a
Size

2.1MB
Sample

221125-yshalsbh28
MD5

90b95d05168d121d9294f88456556001
SHA1

8e25de926a03f8bb1a5880d193ed3bf6efea8b52
SHA256

d579e9320dd4d84c5a53b078278aeb4e5aefb922cc8e40b7b18a0a7eac46437a
SHA512

9bb091d238a5367c63a7d41ebda72e708f0371fdac0d02264a5d03f08e8fde6e87f480e67288c8c28079b005815143be7634466ea316f58ced84af28ea60c367
SSDEEP

49152:h1OsWyg1w9APz7x4fWFF0AEyWrwGvtuE980w2NhTk:h1Omm7x+HA2A

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  d579e9320dd4d84c5a53b078278aeb4e5aefb922cc8e40b7b18a0a7eac46437a
- Size
  
  2.1MB
- MD5
  
  90b95d05168d121d9294f88456556001
- SHA1
  
  8e25de926a03f8bb1a5880d193ed3bf6efea8b52
- SHA256
  
  d579e9320dd4d84c5a53b078278aeb4e5aefb922cc8e40b7b18a0a7eac46437a
- SHA512
  
  9bb091d238a5367c63a7d41ebda72e708f0371fdac0d02264a5d03f08e8fde6e87f480e67288c8c28079b005815143be7634466ea316f58ced84af28ea60c367
- SSDEEP
  
  49152:h1OsWyg1w9APz7x4fWFF0AEyWrwGvtuE980w2NhTk:h1Omm7x+HA2A
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer