Overview

overview

8

Static

static

3

IDMan.exe

windows11-21h2-x64

7

idman642build3f.exe

windows11-21h2-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    Sandbox Test.zip

  • Size

    13.8MB

  • Sample

    240119-a3nndacbg3

  • MD5

    be407cf79c9279bec9f20a3a27c3da07

  • SHA1

    b289211d201e3f017e3d6e55c09da6b1a58a2724

  • SHA256

    6e0b47ffd6df898bf0ae06756a80afde99551bcd32ba19bdc4c0480fd18ce01d

  • SHA512

    731931ad981fbf4ba938bf51d17e2a916a6190b74b3585a9aeddd99f0a2450ae398e94ca7a7f6eee0e118fca0f69cf0f28af54002fb7a83cb9960233533607aa

  • SSDEEP

    393216:2Z190ezOWEBIvWTDIa8vAYtw4+Eg9sO2bTAEqTV8PZoPUuY:2l0ezOWh0DIaihK4+sO0aGp

Score
8/10
adwarediscoveryevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      IDMan.exe

    • Size

      5.7MB

    • MD5

      a57f39dce579d5cac4a72f2da5e2904d

    • SHA1

      6f491b0292f1b5e21ef9f349658466c8e7a529ad

    • SHA256

      b7d59cf1babf26bb7b33a39c0f65f7bdf45d9b989fc8171e6bde75b114407217

    • SHA512

      6574a90c2642097a120a83803adaaf5571e081fa7e1728f47db40db695314d15e42bfc77edf104d633ee0fa2103dc8c43cabbb5010d7ec72d6abac34aa325b89

    • SSDEEP

      98304:GvYacieQl8f4Z9udTP4R18frP3wbzWFimaI7dlo:GJcTf4Z965gbzWFimaI7dl

    Score
    7/10
    adwareevasionpersistencespywarestealertrojan

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral1

    • Target

      idman642build3f.exe

    • Size

      11.5MB

    • MD5

      fc4a15077ef1524b83aea5b4e75fd5ac

    • SHA1

      0885b8f0cfe8bf2628dad5d2d827f152321852b5

    • SHA256

      c317470c678aa92635bcf6953bf43d25a57b52fae6008407c6cb67b684f7e75d

    • SHA512

      9969c970e9148b933df26c660d3632fcd566299b9d659c721afdffed84a6b906a9fc47f01c3bc597eb075158849c1be8e4268cc88c543766449ba8b1e5a814fb

    • SSDEEP

      196608:waI5pPfe7VJ3i/gijYWWgNrzGfLUz+n3rt8f0NtYwZuEI8YcOD2pe9wKoQKI:cg7ni/g2VigOt9t3ZkcOKp9KoQKI

    Score
    8/10
    adwarediscoverypersistencespywarestealer

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral2

MITRE ATT&CK Enterprise v15

Tasks