419c4aa887895f85c1eb1e297c16b340af1c4b954173384cff3a4ac9e7f99dcd | Triage

Submit
Reports

Overview

overview

8

Static

static

ChromeSetup.exe

windows7-x64

8

ChromeSetup.exe

windows10-2004-x64

8

Sharing

General

Target

ChromeSetup.exe
Size

1.4MB
Sample

221230-t4s42abc2x
MD5

5c870708d9f9518da3c6ba355636596d
SHA1

f98ccad0b759070899e6ba7ff5058fc4e5319823
SHA256

419c4aa887895f85c1eb1e297c16b340af1c4b954173384cff3a4ac9e7f99dcd
SHA512

36577860e70041236c46f1f1ba0456b01a4892abaae9096d2aad47c1f27dd4881dd4cad1d80e463a6ac6ccfae374d9203c43ac866b60054721e087a47c9e8425
SSDEEP

24576:Jw8KjKjGFygcc23L1/NVOmOSGb6E3ecS4fzrjxJh9UZXlpbPvC7xtYUrEmFlo+LT:PKjKWQc2b1FVgbjrjxPe1pbPSQm1FloS

Score

8^/10

discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ChromeSetup.exe

Resource

win7-20220812-en

discovery evasion persistence spyware stealer trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

ChromeSetup.exe

Resource

win10v2004-20221111-en

discovery persistence spyware stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  ChromeSetup.exe
- Size
  
  1.4MB
- MD5
  
  5c870708d9f9518da3c6ba355636596d
- SHA1
  
  f98ccad0b759070899e6ba7ff5058fc4e5319823
- SHA256
  
  419c4aa887895f85c1eb1e297c16b340af1c4b954173384cff3a4ac9e7f99dcd
- SHA512
  
  36577860e70041236c46f1f1ba0456b01a4892abaae9096d2aad47c1f27dd4881dd4cad1d80e463a6ac6ccfae374d9203c43ac866b60054721e087a47c9e8425
- SSDEEP
  
  24576:Jw8KjKjGFygcc23L1/NVOmOSGb6E3ecS4fzrjxJh9UZXlpbPvC7xtYUrEmFlo+LT:PKjKWQc2b1FVgbjrjxPe1pbPSQm1FloS
Score

8^/10

discovery evasion persistence spyware stealer trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan

behavioral2

discoverypersistencespywarestealer

© 2018-2025

Terms | Privacy