Overview

overview

8

Static

static

1

Internet D...an.exe

windows11-21h2-x64

8

Internet D...18.exe

windows11-21h2-x64

4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Internet Download Manager 6.42 Build 18.zip

  • Size

    14.0MB

  • Sample

    240805-lfy2dawelc

  • MD5

    cca93788c6d545899610a5c2bcd449e2

  • SHA1

    875c1925c85ab16eafaec02f34651ee9ff89e5a9

  • SHA256

    291f9c3704031a78b0bd66900e3abf9b5c9a0ad67fd9de1f3f350f430a2e6d46

  • SHA512

    a821ce519521b44645ce7984c0c1a36284b75e69f11c7d2b311cb7f90a4976262db5e1fc09184377ceb2850cfb541663f9e70e822d13e02a57491165f9191065

  • SSDEEP

    393216:Aodc3diMAjgXXYCFIJ5TeJ5/Rogd7ufua5wJ:ruiFjwXY6HogdZuy

Score
8/10
adwarediscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      Internet Download Manager 6.42 Build 18/Crack/IDMan.exe

    • Size

      5.7MB

    • MD5

      67353b85966e9606eb2cf87913e5a337

    • SHA1

      34f035a537497a2a6b8d1e49b6cd8c6a013a90ed

    • SHA256

      7a9483a2bfdb18badeef74844feb92da090442dd9b7d0916daace75cb2cd5896

    • SHA512

      1867a0fe84079576b0267cf5c2ae6d44f7bee7791355909f3d0fa1ce34b9e1e7b1eec1fa063b7cf1ca50224ba72af56f76c862c879bb7b063fc490d778c86804

    • SSDEEP

      98304:GYEZ7mp/FicAnLLtP4z18frP3wbzWFimaI7dlor:G1YFicAn/pgbzWFimaI7dlS

    Score
    8/10
    adwarediscoverypersistenceprivilege_escalationspywarestealer

    • Drops file in Drivers directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1

    • Target

      Internet Download Manager 6.42 Build 18/Setup/idman642build18.exe

    • Size

      11.7MB

    • MD5

      80e2b37abc2aab663ce237e1b5a1bd06

    • SHA1

      0abd1cbe5fbd34d258ae319633ded83286c40b37

    • SHA256

      10175f8480a170eea40c1cf31c3b6dfde6da63ddfd59383c661acba7723bc8b2

    • SHA512

      31a8436e1faabd4befd8c826ab267cf4593d5bd4f2d2872f3d60c44d38cd49588da1bae61ada483fd070296ee02aba16c474c057b226905f4e4ad677e6949bb3

    • SSDEEP

      196608:jr5pZdpmRFqnCsnyHkUCzXVWuNdr+08UCcgCBrvZfCNpN4ZuiZh0D2peVT+qTZwZ:h1sRF0CkyEU8fUNK1vApiZsKpOS8ZwZ

    Score
    4/10
    discovery
    behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Browser Extensions

1
T1176

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

3
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks