0453124f30a2e9c382b114a939f29be1c9af1131c6a799d11098b7250555c6c6 | Triage

Sharing

General

Target

0453124f30a2e9c382b114a939f29be1c9af1131c6a799d11098b7250555c6c6
Size

1.5MB
Sample

240310-vtjnaaha27
MD5

82a3ce9dcc2dab94612ee76881f31476
SHA1

19ccc2fe0296f60e975a982c0a342c82b7b23c8e
SHA256

0453124f30a2e9c382b114a939f29be1c9af1131c6a799d11098b7250555c6c6
SHA512

563be5a4846aaec515e4d0557ec5eef20b61bd54745aef8bc89085ebf8a8145e9708b2dfac48865996bdb80ec998d9312d0f9e5d9ef2e6d7021b1a131d746f3d
SSDEEP

24576:T9lYzZp9pFpWFfaBx+hd8CiZEJo58EY6X8YPiZUXlQTKiK1fZzUvR38uc0a6hU:2Zpn2jAUrOdPiCVQ9auc0u

Score

9^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  0453124f30a2e9c382b114a939f29be1c9af1131c6a799d11098b7250555c6c6
- Size
  
  1.5MB
- MD5
  
  82a3ce9dcc2dab94612ee76881f31476
- SHA1
  
  19ccc2fe0296f60e975a982c0a342c82b7b23c8e
- SHA256
  
  0453124f30a2e9c382b114a939f29be1c9af1131c6a799d11098b7250555c6c6
- SHA512
  
  563be5a4846aaec515e4d0557ec5eef20b61bd54745aef8bc89085ebf8a8145e9708b2dfac48865996bdb80ec998d9312d0f9e5d9ef2e6d7021b1a131d746f3d
- SSDEEP
  
  24576:T9lYzZp9pFpWFfaBx+hd8CiZEJo58EY6X8YPiZUXlQTKiK1fZzUvR38uc0a6hU:2Zpn2jAUrOdPiCVQ9auc0u
Score

9^/10

adware discovery persistence spyware stealer
- Detects executables referencing many IR and analysis tools
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer