4844e0e0de7ef5b004bc051d9a3a59b3ccb1e05abadb8e35a43314a1d5ce1d27 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

IDMan.exe

windows7-x64

7

IDMan.exe

windows10-2004-x64

7

Sharing

General

Target

IDMan.exe
Size

5.7MB
Sample

240601-kh45qsgd77
MD5

c63282dcd9262fe365d0047b60bede8c
SHA1

8c3db4811962cc0b88a00ff07cc3f87a3e81d390
SHA256

4844e0e0de7ef5b004bc051d9a3a59b3ccb1e05abadb8e35a43314a1d5ce1d27
SHA512

10e05559633d26f52b1d9481321b6585c93578fbffa0bbad426791f8148edbd67d02b2f166c74154192c7b11b426f00c7ee7b372ef5578512b81e4fb4737fff3
SSDEEP

98304:wnNfMJBeiJ9a3N8rP4j18frP3wbzWFimaI7dlo:gOBeiJ9adygbzWFimaI7dl

Score

7^/10

adware persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

IDMan.exe

Resource

win7-20240221-en

adware persistence spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

IDMan.exe

Resource

win10v2004-20240426-en

adware spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  IDMan.exe
- Size
  
  5.7MB
- MD5
  
  c63282dcd9262fe365d0047b60bede8c
- SHA1
  
  8c3db4811962cc0b88a00ff07cc3f87a3e81d390
- SHA256
  
  4844e0e0de7ef5b004bc051d9a3a59b3ccb1e05abadb8e35a43314a1d5ce1d27
- SHA512
  
  10e05559633d26f52b1d9481321b6585c93578fbffa0bbad426791f8148edbd67d02b2f166c74154192c7b11b426f00c7ee7b372ef5578512b81e4fb4737fff3
- SSDEEP
  
  98304:wnNfMJBeiJ9a3N8rP4j18frP3wbzWFimaI7dlo:gOBeiJ9adygbzWFimaI7dl
Score

7^/10

adware persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarepersistencespywarestealer

behavioral2

adwarespywarestealer

© 2018-2024

Terms | Privacy