Overview

overview

7

Static

static

1

IDMan.exe

windows10-1703-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IDMan.exe

  • Size

    5.6MB

  • Sample

    230402-d9lzxaed94

  • MD5

    77bccbb086ee705f04519c6049f0381f

  • SHA1

    62408324473a02601eb1c9ce252caea3428a7145

  • SHA256

    1201f3b01d7f5cee8222e24932eabd3ab7364dabefb7dd0c14233772f5b4e764

  • SHA512

    801d196746968b1b80bad1695e9c2102bdc197db7a42e20fde634f849d7cc00c013a3205fa679050f982b7e313379392e8e6e2a8e5629a75ac54f0aa9a5f37a2

  • SSDEEP

    98304:t8gwPXq1RA0g5cHkbmYkP4T18frP3wbzWFimaI7dlZ:Mq1RAJ5cEGgbzWFimaI7dl

Score
7/10
adwarepersistencespywarestealer

Malware Config

Targets

    • Target

      IDMan.exe

    • Size

      5.6MB

    • MD5

      77bccbb086ee705f04519c6049f0381f

    • SHA1

      62408324473a02601eb1c9ce252caea3428a7145

    • SHA256

      1201f3b01d7f5cee8222e24932eabd3ab7364dabefb7dd0c14233772f5b4e764

    • SHA512

      801d196746968b1b80bad1695e9c2102bdc197db7a42e20fde634f849d7cc00c013a3205fa679050f982b7e313379392e8e6e2a8e5629a75ac54f0aa9a5f37a2

    • SSDEEP

      98304:t8gwPXq1RA0g5cHkbmYkP4T18frP3wbzWFimaI7dlZ:Mq1RAJ5cEGgbzWFimaI7dl

    Score
    7/10
    adwarepersistencespywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks