2ad8bf3c4fdc4577e6ec6289fc2d4aa5eae9c9eba189c45803baf319ca2b2d9a | Triage

Submit
Reports

Overview

overview

7

Static

static

1

ChromeSetup.exe

windows11-21h2-x64

7

Sharing

General

Target

ChromeSetup.exe
Size

8.5MB
Sample

240808-bnnv9sxekj
MD5

46324246db3e13ffe75408989b904fae
SHA1

1c52e8004cdbe49d61c58afbf20f76eab1905b26
SHA256

2ad8bf3c4fdc4577e6ec6289fc2d4aa5eae9c9eba189c45803baf319ca2b2d9a
SHA512

11bdb36cf8053b9f399ac91caf0fa08b97a4f8d1fe629a057dd3caad969e5eeb542955db1ec2a4a36c0252a73bb5f1920a289750acd3d3c01a346c049dbaaf72
SSDEEP

196608:6xfKlmR5/9Bz6nKuvueLWj9HC/Zfy5hPza21BNmxIVFuvgW8B:6bR57WnKYueL88ZK5Za21BNmxQFuvg

Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ChromeSetup.exe

Resource

win11-20240802-en

discovery evasion persistence privilege_escalation spyware stealer trojan

windows11-21h2-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  ChromeSetup.exe
- Size
  
  8.5MB
- MD5
  
  46324246db3e13ffe75408989b904fae
- SHA1
  
  1c52e8004cdbe49d61c58afbf20f76eab1905b26
- SHA256
  
  2ad8bf3c4fdc4577e6ec6289fc2d4aa5eae9c9eba189c45803baf319ca2b2d9a
- SHA512
  
  11bdb36cf8053b9f399ac91caf0fa08b97a4f8d1fe629a057dd3caad969e5eeb542955db1ec2a4a36c0252a73bb5f1920a289750acd3d3c01a346c049dbaaf72
- SSDEEP
  
  196608:6xfKlmR5/9Bz6nKuvueLWj9HC/Zfy5hPza21BNmxIVFuvgW8B:6bR57WnKYueL88ZK5Za21BNmxQFuvg
Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer trojan
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationspywarestealertrojan

© 2018-2025

Terms | Privacy