72a8ff8a70c31c8e6d1c2831b7fed338b30c9a4ce59bfd04cec7031103b24163 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72a8ff8a70c31c8e6d1c2831b7fed338b30c9a4ce59bfd04cec7031103b24163
Size

2.1MB
Sample

221125-yzj3safb8s
MD5

c8ae8c3cba918daeafb7936ed226b850
SHA1

65e46d70e9bc9aed1e379bd69484a72fbb633d65
SHA256

72a8ff8a70c31c8e6d1c2831b7fed338b30c9a4ce59bfd04cec7031103b24163
SHA512

cd4f901ab2c55fb1ab25a98a04c253d9e891d691cba2f91b4d281e00344c135fa9afa295724c5c72eb6cb6713aabf04979b083a83701d8ef18ac4871a09ef65f
SSDEEP

24576:h1OYdaOqzoi5Fm2qmA+L4zKWQt0moNdqNFSj8y0j9jtaJB5ZuUUr2YGnEQ/VfVW:h1OsImLmVJWQt0mozqW78bSVfVW

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  72a8ff8a70c31c8e6d1c2831b7fed338b30c9a4ce59bfd04cec7031103b24163
- Size
  
  2.1MB
- MD5
  
  c8ae8c3cba918daeafb7936ed226b850
- SHA1
  
  65e46d70e9bc9aed1e379bd69484a72fbb633d65
- SHA256
  
  72a8ff8a70c31c8e6d1c2831b7fed338b30c9a4ce59bfd04cec7031103b24163
- SHA512
  
  cd4f901ab2c55fb1ab25a98a04c253d9e891d691cba2f91b4d281e00344c135fa9afa295724c5c72eb6cb6713aabf04979b083a83701d8ef18ac4871a09ef65f
- SSDEEP
  
  24576:h1OYdaOqzoi5Fm2qmA+L4zKWQt0moNdqNFSj8y0j9jtaJB5ZuUUr2YGnEQ/VfVW:h1OsImLmVJWQt0mozqW78bSVfVW
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer