2cef377658cb288c39bc834614518f4a7da4aad5669cafa063e9f7cce5a13f51 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2cef377658cb288c39bc834614518f4a7da4aad5669cafa063e9f7cce5a13f51
Size

1.0MB
Sample

241017-yhyvlssgmc
MD5

45d5f29bf5dd92d7e01a0b748c623393
SHA1

3df4379cce1a3c9837326eee7db0ca0c807b8a8e
SHA256

2cef377658cb288c39bc834614518f4a7da4aad5669cafa063e9f7cce5a13f51
SHA512

a2e4cf0d63ae12e3bdc4df507f840e2e94b4929b9d7d12dc9eeebaf5e8194c8ef3cf0c444177290e8b0621cacf807b6107fd8e4647ae275764099fe4c410d83a
SSDEEP

12288:DKnekrL58gS8TrtxEvsofhslsqWZReCWui0YejZtRTW7Ys703AEfRbksZQ17ywsg:4LiX0rbUhSKtNY4vsAfxZS0LjKY5Nti

Score

7^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  2cef377658cb288c39bc834614518f4a7da4aad5669cafa063e9f7cce5a13f51
- Size
  
  1.0MB
- MD5
  
  45d5f29bf5dd92d7e01a0b748c623393
- SHA1
  
  3df4379cce1a3c9837326eee7db0ca0c807b8a8e
- SHA256
  
  2cef377658cb288c39bc834614518f4a7da4aad5669cafa063e9f7cce5a13f51
- SHA512
  
  a2e4cf0d63ae12e3bdc4df507f840e2e94b4929b9d7d12dc9eeebaf5e8194c8ef3cf0c444177290e8b0621cacf807b6107fd8e4647ae275764099fe4c410d83a
- SSDEEP
  
  12288:DKnekrL58gS8TrtxEvsofhslsqWZReCWui0YejZtRTW7Ys703AEfRbksZQ17ywsg:4LiX0rbUhSKtNY4vsAfxZS0LjKY5Nti
Score

7^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer