4b2a491fda6fff6963580f041d64dce13f89a8ae24d97ef3f8f52dd08db24b97 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

idman641build8.exe

windows7-x64

7

idman641build8.exe

windows10-2004-x64

7

Sharing

General

Target

idman641build8.exe
Size

10.8MB
Sample

230401-apgb5sef98
MD5

11c342fd2e42d13ea389336d2d0ae5ad
SHA1

909b99251c5a08ec22b21e228fb7788f5ceb82d3
SHA256

4b2a491fda6fff6963580f041d64dce13f89a8ae24d97ef3f8f52dd08db24b97
SHA512

d023794f68dadbb73eb376e390b35df2df458b3f29615e011aa39021c0c98a919ac4621f954d5cf73e22d81839f8fa3c642674765965e744737fa01d28b7be3e
SSDEEP

196608:tca5pDMfcdMc2sZWiQWHNO9JeUkNct/zrrUfBNqGFZC2e5SQDD2peE5:tvqkdMbsEEMcveJrWqgZynDKpx

Score

7^/10

adware discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

idman641build8.exe

Resource

win7-20230220-en

adware discovery stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

idman641build8.exe

Resource

win10v2004-20230221-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  idman641build8.exe
- Size
  
  10.8MB
- MD5
  
  11c342fd2e42d13ea389336d2d0ae5ad
- SHA1
  
  909b99251c5a08ec22b21e228fb7788f5ceb82d3
- SHA256
  
  4b2a491fda6fff6963580f041d64dce13f89a8ae24d97ef3f8f52dd08db24b97
- SHA512
  
  d023794f68dadbb73eb376e390b35df2df458b3f29615e011aa39021c0c98a919ac4621f954d5cf73e22d81839f8fa3c642674765965e744737fa01d28b7be3e
- SSDEEP
  
  196608:tca5pDMfcdMc2sZWiQWHNO9JeUkNct/zrrUfBNqGFZC2e5SQDD2peE5:tvqkdMbsEEMcveJrWqgZynDKpx
Score

7^/10

adware discovery stealer
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

© 2018-2024

Terms | Privacy