7158dbcba678d6d493a75c2dce96a8f5e10a83bda77c911b9994e9c7ca0971c5 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

IDMan.exe

windows7-x64

7

IDMan.exe

windows10-2004-x64

7

Resubmissions

01-04-2023 22:16

230401-166lgada92 3

01-04-2023 22:05

230401-1zm6jsed7y 7

Sharing

General

Target

IDMan.exe
Size

5.6MB
Sample

230401-1zm6jsed7y
MD5

e0058fefc40216ebce70a63f2975204e
SHA1

4c77ae3b2ab4066f357e90ef59f6f05a60fab9fc
SHA256

7158dbcba678d6d493a75c2dce96a8f5e10a83bda77c911b9994e9c7ca0971c5
SHA512

2de24620b156be391593c7aee57fd633732f75be502d7830131abb041421b7aab175d25d27a8b7323579eb631789580da8ddf5cf31acb542bd73e50597961717
SSDEEP

98304:iqfdKBo2I2V8ABsF0sroOl11P4pQx18frP3wbzWFimaI7dlZe3:LfEBDjV8x0s0rgbzWFimaI7dl

Score

7^/10

adware evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

IDMan.exe

Resource

win7-20230220-en

adware evasion persistence spyware stealer trojan

windows7-x64

15 signatures

300 seconds

Behavioral task

behavioral2

Sample

IDMan.exe

Resource

win10v2004-20230220-en

adware persistence spyware stealer

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  IDMan.exe
- Size
  
  5.6MB
- MD5
  
  e0058fefc40216ebce70a63f2975204e
- SHA1
  
  4c77ae3b2ab4066f357e90ef59f6f05a60fab9fc
- SHA256
  
  7158dbcba678d6d493a75c2dce96a8f5e10a83bda77c911b9994e9c7ca0971c5
- SHA512
  
  2de24620b156be391593c7aee57fd633732f75be502d7830131abb041421b7aab175d25d27a8b7323579eb631789580da8ddf5cf31acb542bd73e50597961717
- SSDEEP
  
  98304:iqfdKBo2I2V8ABsF0sroOl11P4pQx18frP3wbzWFimaI7dlZe3:LfEBDjV8x0s0rgbzWFimaI7dl
Score

7^/10

adware evasion persistence spyware stealer trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwareevasionpersistencespywarestealertrojan

behavioral2

adwarepersistencespywarestealer

© 2018-2024

Terms | Privacy