9ad69452e768c6b36ae222253141eece96c9031103afa06a9cecccd7567523d0 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

IDMan.exe

windows7-x64

7

IDMan.exe

windows10-2004-x64

7

Sharing

General

Target

IDMan.exe
Size

5.6MB
Sample

230326-kzdzwahh8y
MD5

bb6c540ccad4386c7d88dd71cb539d10
SHA1

d446c9a5d0432dd94f3d78a728274e63469dd0b8
SHA256

9ad69452e768c6b36ae222253141eece96c9031103afa06a9cecccd7567523d0
SHA512

52d69543a2b2edaaea59f506a550c578e76fdcefe1b953cf6026c862acc88228b8bf7b54391bb4705e4b161f7ae22648178643649769c0c109da6273fb649171
SSDEEP

98304:97ocqxlQpPAEgIrTx5P4NS18frP3wbzWFimaI7dlZX:ZbqYpPFg3bgbzWFimaI7dlZ

Score

7^/10

adware evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

IDMan.exe

Resource

win7-20230220-en

adware evasion persistence spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

IDMan.exe

Resource

win10v2004-20230220-en

adware evasion persistence spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  IDMan.exe
- Size
  
  5.6MB
- MD5
  
  bb6c540ccad4386c7d88dd71cb539d10
- SHA1
  
  d446c9a5d0432dd94f3d78a728274e63469dd0b8
- SHA256
  
  9ad69452e768c6b36ae222253141eece96c9031103afa06a9cecccd7567523d0
- SHA512
  
  52d69543a2b2edaaea59f506a550c578e76fdcefe1b953cf6026c862acc88228b8bf7b54391bb4705e4b161f7ae22648178643649769c0c109da6273fb649171
- SSDEEP
  
  98304:97ocqxlQpPAEgIrTx5P4NS18frP3wbzWFimaI7dlZX:ZbqYpPFg3bgbzWFimaI7dlZ
Score

7^/10

adware evasion persistence spyware stealer trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwareevasionpersistencespywarestealertrojan

behavioral2

adwareevasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy