9edcf4905388c25cb2782272ed5458157c6fded7d6e5ef0439102f1c74fd9925 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

BrowserCol...64.exe

windows10-1703-x64

9

BrowserCol...64.exe

windows10-2004-x64

7

BrowserCol...64.exe

windows11-21h2-x64

7

Sharing

General

Target

BrowserCollector_x64.exe
Size

779KB
Sample

240819-3l8anssaqe
MD5

71b5e70a257f47dd6c9ead4f1010bd88
SHA1

f75c41ecbf6f34ca0048534d72f8847b37c38229
SHA256

9edcf4905388c25cb2782272ed5458157c6fded7d6e5ef0439102f1c74fd9925
SHA512

475fd6c74c835fcdc765b56bb7baa18926e6da6c497f160386429938148f9277447918a678b41c9bf1293988896530f4fcac17d1fa93f630a446263f07d9f45f
SSDEEP

12288:ksUHsZCB1OcBfiv3P6gIo/Bw9av4Xzo0P9MqETKTvNo4UvXCt:k3RB8Wfiv3PJImBw9ag5P9MqETWxI

Score

9^/10

credential_access defense_evasion discovery persistence privilege_escalation spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BrowserCollector_x64.exe

Resource

win10-20240404-en

credential_access defense_evasion discovery persistence privilege_escalation spyware stealer

windows10-1703-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

BrowserCollector_x64.exe

Resource

win10v2004-20240802-en

spyware stealer

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

BrowserCollector_x64.exe

Resource

win11-20240802-en

spyware stealer

windows11-21h2-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  BrowserCollector_x64.exe
- Size
  
  779KB
- MD5
  
  71b5e70a257f47dd6c9ead4f1010bd88
- SHA1
  
  f75c41ecbf6f34ca0048534d72f8847b37c38229
- SHA256
  
  9edcf4905388c25cb2782272ed5458157c6fded7d6e5ef0439102f1c74fd9925
- SHA512
  
  475fd6c74c835fcdc765b56bb7baa18926e6da6c497f160386429938148f9277447918a678b41c9bf1293988896530f4fcac17d1fa93f630a446263f07d9f45f
- SSDEEP
  
  12288:ksUHsZCB1OcBfiv3P6gIo/Bw9av4Xzo0P9MqETKTvNo4UvXCt:k3RB8Wfiv3PJImBw9ag5P9MqETWxI
Score

9^/10

credential_access defense_evasion discovery persistence privilege_escalation spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasiondiscoverypersistenceprivilege_escalationspywarestealer

behavioral2

behavioral3

© 2018-2025

Terms | Privacy