3d73b2fa3ec9805b5b91ac51994cda00fcfdfba2f5e72288e494392082d9aa2a

Analysis

max time kernel
1478s
max time network
1494s
platform
windows11-21h2_x64
resource
win11-20240319-fr
resource tags

arch:x64arch:x86image:win11-20240319-frlocale:fr-fros:windows11-21h2-x64systemwindows
submitted
11/04/2024, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Opera GX/assistant/assistant_installer.exe
Size

1.8MB
MD5

4c8fbed0044da34ad25f781c3d117a66
SHA1

8dd93340e3d09de993c3bc12db82680a8e69d653
SHA256

afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a
SHA512

a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481
SSDEEP

24576:K9A2yB7Nxu6wdWob6zD0fnBa2M9SmWqRYv9XTQdg7VHUw9MqNTLTM7DbXTWs4HU+:cAF/wvfnJ1zRH/2qNvsD3W3HUTX4Ean

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 2932	2596	assistant_installer.exe	79
PID 2596 wrote to memory of 2932	2596	assistant_installer.exe	79
PID 2596 wrote to memory of 2932	2596	assistant_installer.exe	79

C:\Users\Admin\AppData\Local\Temp\Opera GX\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\Opera GX\assistant\assistant_installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Users\Admin\AppData\Local\Temp\Opera GX\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\Opera GX\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x574f48,0x574f58,0x574f64
  2⤵
  PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
2c72bf2108c965baeff7ec734fcf8b03

SHA1
7298af695e5a74b6f1f9f3ce20900c88d59ece57

SHA256
3b14d4ba9c5fe8223bd60323e5176de764af08e36b447113371e3cd59d0cc693

SHA512
1664e74e1a7d8c4ba94630ca480b2cd8a1a19e750ba5a3bea1b7fdffed7fbddd37fd55a20bae6d67c9a098a914c41a62d34ba1b1ba2b7047be7c412b6f503da5

Download Submit