97292d7ce31809bfc307b56ea898d28b31972a4f54060195439975d1818310ca | Triage

Submit
Reports

Overview

overview

8

Static

static

1

idman641build7.exe

windows7-x64

7

idman641build7.exe

windows10-2004-x64

8

Sharing

General

Target

idman641build7.exe
Size

10.8MB
Sample

230307-3fca2scg64
MD5

fc5ba37e83f08fbd8c0fcdcee524977d
SHA1

685288a912906702632aea1e0499e0f4cfa20a61
SHA256

97292d7ce31809bfc307b56ea898d28b31972a4f54060195439975d1818310ca
SHA512

e3075eac6ea5f5a7ba23eeb197d32aa43c4b41e58afdc202d5029db4bee606b22fbfa1d270eda4b769a9e41710fad43e80651f17511c963a747f9cfd8c7eed1a
SSDEEP

196608:wIO5pbZVOVFTo1rxe12F/WbhHQW3NO2CUQRlaPr7Yf5NmSBZi/IKa1cCQLD2peAt:w3VzYS812F/Wb2UODr47qmQZkl3LKpR

Score

8^/10

adware discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

idman641build7.exe

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

idman641build7.exe

Resource

win10v2004-20230220-en

adware discovery evasion persistence spyware stealer trojan

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  idman641build7.exe
- Size
  
  10.8MB
- MD5
  
  fc5ba37e83f08fbd8c0fcdcee524977d
- SHA1
  
  685288a912906702632aea1e0499e0f4cfa20a61
- SHA256
  
  97292d7ce31809bfc307b56ea898d28b31972a4f54060195439975d1818310ca
- SHA512
  
  e3075eac6ea5f5a7ba23eeb197d32aa43c4b41e58afdc202d5029db4bee606b22fbfa1d270eda4b769a9e41710fad43e80651f17511c963a747f9cfd8c7eed1a
- SSDEEP
  
  196608:wIO5pbZVOVFTo1rxe12F/WbhHQW3NO2CUQRlaPr7Yf5NmSBZi/IKa1cCQLD2peAt:w3VzYS812F/Wb2UODr47qmQZkl3LKpR
Score

8^/10

adware discovery evasion persistence spyware stealer trojan
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoveryevasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy