11fc87c03c005ecbd67a4b07ebee1551ad8e2df0946d50a2725c3bd96700f015 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d8d1d9b36d6e70c742c67aa3a7ffd79
Size

1.5MB
Sample

231226-t7xxdsebb4
MD5

7d8d1d9b36d6e70c742c67aa3a7ffd79
SHA1

79b14c5f3b5840d4965bf111e62082285491793f
SHA256

11fc87c03c005ecbd67a4b07ebee1551ad8e2df0946d50a2725c3bd96700f015
SHA512

0bfe4c97423d23bbb0a6542b255d72b31f754dc930fad57cccc3e70efb801afdf97340a18253b1654cafcbf699ba96e8a037debde8286b5e72dea504bd09fd7d
SSDEEP

24576:ZdLZ9BAfvmM5mEimnwn4u65m8u5vDXgXxHCllLfQ62KgO2bOcKpJA7D:XZ9mmPEimE65SrXQinl0KpJA7D

Score

7^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  7d8d1d9b36d6e70c742c67aa3a7ffd79
- Size
  
  1.5MB
- MD5
  
  7d8d1d9b36d6e70c742c67aa3a7ffd79
- SHA1
  
  79b14c5f3b5840d4965bf111e62082285491793f
- SHA256
  
  11fc87c03c005ecbd67a4b07ebee1551ad8e2df0946d50a2725c3bd96700f015
- SHA512
  
  0bfe4c97423d23bbb0a6542b255d72b31f754dc930fad57cccc3e70efb801afdf97340a18253b1654cafcbf699ba96e8a037debde8286b5e72dea504bd09fd7d
- SSDEEP
  
  24576:ZdLZ9BAfvmM5mEimnwn4u65m8u5vDXgXxHCllLfQ62KgO2bOcKpJA7D:XZ9mmPEimE65SrXQinl0KpJA7D
Score

7^/10

adware discovery persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoverypersistencespywarestealer