7bfe0a6ad74dbff91ee347bf8fb9d565dbe83f46edefeacc1af1c68b37a1aea7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

474989eaebe85c9c6001dacc38b4dfbd
Size

2.0MB
Sample

240106-12zx5ahbdr
MD5

474989eaebe85c9c6001dacc38b4dfbd
SHA1

6efd741dd1c9732459db974c92c9b586f9a33b4d
SHA256

7bfe0a6ad74dbff91ee347bf8fb9d565dbe83f46edefeacc1af1c68b37a1aea7
SHA512

39c55d6257f9b006279bcf493826fd7bc5acedc0072ea7a7c20595d4974fcd3d23560d355c05f4acfb8814198e5a575f59a273ba1697958b9c10fa46cb831ba3
SSDEEP

3072:2pZp75DchnX/eJuaBD1YOEe5hyZx3R6KZjwA/pWpliQCIntmjOkh5:2vp75c/ecaDIECkmWplcIntmjOkh

Score

8^/10

adware collection discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  474989eaebe85c9c6001dacc38b4dfbd
- Size
  
  2.0MB
- MD5
  
  474989eaebe85c9c6001dacc38b4dfbd
- SHA1
  
  6efd741dd1c9732459db974c92c9b586f9a33b4d
- SHA256
  
  7bfe0a6ad74dbff91ee347bf8fb9d565dbe83f46edefeacc1af1c68b37a1aea7
- SHA512
  
  39c55d6257f9b006279bcf493826fd7bc5acedc0072ea7a7c20595d4974fcd3d23560d355c05f4acfb8814198e5a575f59a273ba1697958b9c10fa46cb831ba3
- SSDEEP
  
  3072:2pZp75DchnX/eJuaBD1YOEe5hyZx3R6KZjwA/pWpliQCIntmjOkh5:2vp75c/ecaDIECkmWplcIntmjOkh
Score

8^/10

adware collection discovery persistence spyware stealer
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarecollectiondiscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer