617036f5c8ef6a426e1b02347d163d6edf266e19060f87983be4444f6cdc0561 | Triage

Sharing

General

Target

617036f5c8ef6a426e1b02347d163d6edf266e19060f87983be4444f6cdc0561
Size

717KB
Sample

241107-3ljbjszgkr
MD5

c6f3e7b9ce31b3e810a0f734baccbb6b
SHA1

3d3850d0d76472eede875fc540e8288aed969bd5
SHA256

617036f5c8ef6a426e1b02347d163d6edf266e19060f87983be4444f6cdc0561
SHA512

d41fe2264aade2e12fa544fff51a7d2f5a8e13680ef8f85c27f5541824878fdcb893f27c429ee40fda841d1f1ea8ed53db0b057d06f54fd8fb15440973fcc9a4
SSDEEP

12288:aKnekrL585h1Vqirj9s9q9b4Qigq0hzIzLDm2J2PGPbwZ6DJ5gihGnVPat9YOX:TLi5jbKU9bfaeKLnJDPkcDJDAVAX

Score

7^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  617036f5c8ef6a426e1b02347d163d6edf266e19060f87983be4444f6cdc0561
- Size
  
  717KB
- MD5
  
  c6f3e7b9ce31b3e810a0f734baccbb6b
- SHA1
  
  3d3850d0d76472eede875fc540e8288aed969bd5
- SHA256
  
  617036f5c8ef6a426e1b02347d163d6edf266e19060f87983be4444f6cdc0561
- SHA512
  
  d41fe2264aade2e12fa544fff51a7d2f5a8e13680ef8f85c27f5541824878fdcb893f27c429ee40fda841d1f1ea8ed53db0b057d06f54fd8fb15440973fcc9a4
- SSDEEP
  
  12288:aKnekrL585h1Vqirj9s9q9b4Qigq0hzIzLDm2J2PGPbwZ6DJ5gihGnVPat9YOX:TLi5jbKU9bfaeKLnJDPkcDJDAVAX
Score

7^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer