4322a870a7fde8897d7a5d19907300dfcac1584a33da2d547e7e00f9363ce037 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

ChromeSetup.exe

windows10-1703-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

ChromeSetup.exe
Size

8.0MB
Sample

240802-seq3pstdkb
MD5

8046e72405bea7ce14a966ed6f2e3fe7
SHA1

df282d1ebf87dfbd992937880c3a2d3bf780dd27
SHA256

4322a870a7fde8897d7a5d19907300dfcac1584a33da2d547e7e00f9363ce037
SHA512

13fe36975024215f4c60eaaa25e3f7241e8572158ab9f233d9af360dca68c06580f66bb0184075784efe447740dfc6ca7f71c63e2a98e8c72d4fa4faeb10c94a
SSDEEP

196608:bWi1ZYP2rPma7ts+ndryl6xmrsUbX1YmbWxAnwvS:b7e2rua7tsedwrsUbX1YcWxAnw

Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ChromeSetup.exe

Resource

win10-20240404-en

discovery evasion persistence privilege_escalation spyware stealer trojan

windows10-1703-x64

31 signatures

150 seconds

Malware Config

Targets

- Target
  
  ChromeSetup.exe
- Size
  
  8.0MB
- MD5
  
  8046e72405bea7ce14a966ed6f2e3fe7
- SHA1
  
  df282d1ebf87dfbd992937880c3a2d3bf780dd27
- SHA256
  
  4322a870a7fde8897d7a5d19907300dfcac1584a33da2d547e7e00f9363ce037
- SHA512
  
  13fe36975024215f4c60eaaa25e3f7241e8572158ab9f233d9af360dca68c06580f66bb0184075784efe447740dfc6ca7f71c63e2a98e8c72d4fa4faeb10c94a
- SSDEEP
  
  196608:bWi1ZYP2rPma7ts+ndryl6xmrsUbX1YmbWxAnwvS:b7e2rua7tsedwrsUbX1YcWxAnw
Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer trojan
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationspywarestealertrojan

© 2018-2025

Terms | Privacy