c94e3940a4e8839af719adfa99ad08f0b330269511674368845f57f7619fcadf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c94e3940a4e8839af719adfa99ad08f0b330269511674368845f57f7619fcadf
Size

2.1MB
Sample

221127-fd8j5saf77
MD5

62e83a6381ed27e1c127640b7e4b31be
SHA1

8f11caf44baeebd87109811d60b688a425210328
SHA256

c94e3940a4e8839af719adfa99ad08f0b330269511674368845f57f7619fcadf
SHA512

771da3fdb731c22e65425f6a2d89cc02cdb45702d97255f70a9baef57ae04f53664cd80e97db5f9d6d33ecfd9ad2ce08fb29cf32636ec6bc64c7f0a0b3e49a39
SSDEEP

49152:h1OswNQToNVxbNrInKtDSwSm7CXH9e7FLP1C4b1MzrUZkFFhcoglV70M:h1OnNQUNVxNpSmGXA7bHxz5

Score

8^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  c94e3940a4e8839af719adfa99ad08f0b330269511674368845f57f7619fcadf
- Size
  
  2.1MB
- MD5
  
  62e83a6381ed27e1c127640b7e4b31be
- SHA1
  
  8f11caf44baeebd87109811d60b688a425210328
- SHA256
  
  c94e3940a4e8839af719adfa99ad08f0b330269511674368845f57f7619fcadf
- SHA512
  
  771da3fdb731c22e65425f6a2d89cc02cdb45702d97255f70a9baef57ae04f53664cd80e97db5f9d6d33ecfd9ad2ce08fb29cf32636ec6bc64c7f0a0b3e49a39
- SSDEEP
  
  49152:h1OswNQToNVxbNrInKtDSwSm7CXH9e7FLP1C4b1MzrUZkFFhcoglV70M:h1OnNQUNVxNpSmGXA7bHxz5
Score

8^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer