payload.bin
413KB
191202-tlqmh39dms
78d9ee4ebd4513402dffaf2efccbad0e
713576099fea6dd4c37e84e2c507bc1e7f027948
9d86acff939f2bab3d4a8a8eed8581475189a3e76ba03bbe30e7b36c4b0ffd38
f611fea65cacd42c488aa4ae365e38a96f154e79b1e283efef0b8a6aa0c6b8a0d3e7317d57209317b5d0b9a7822ece8809ac7c0a15df1b7328c447314971034d
Signatures
- Reads Epic privacy browser user data, possible credential harvesting
- Reads Nichrome user data, possible credential harvesting
- Reads Centbrowser user data, possible credential harvesting
- Reads Kometa user data, possible credential harvesting
- Reads Go! user data, possible credential harvesting
- Reads Uran user data, possible credential harvesting
- Reads Amigo user data, possible credential harvesting
- Reads Qip surf user data, possible credential harvesting
- Reads user profile for Thunderbird email client, possible credential harvesting
- Reads Dragon user data, possible credential harvesting
- Reads Torch user data, possible credential harvesting
- Reads Firefox user profile, possible credential harvesting
- Reads Secure browser user data, possible credential harvesting
- Reads Chedot user data, possible credential harvesting
- Reads 7star user data, possible credential harvesting
- Reads Chrome SxS user data, possible credential harvesting
- Reads Rockmelt user data, possible credential harvesting
- Reads Tor Browser user profile, possible credential harvesting
- Reads Vivaldi user data, possible credential harvesting
- Reads Orbitum user data, possible credential harvesting
- Checks for installed software on the system
- Reads Suhba user data, possible credential harvesting
- Deletes itself
- Reads Chromium user data, possible credential harvesting
- Reads Pale Moon browser user profile, possible credential harvesting
- Reads Mustang user data, possible credential harvesting
- Reads Superbird user data, possible credential harvesting
- Reads Waterfox user profile, possible credential harvesting
- Reads Bromium user data, possible credential harvesting
- Modifies system certificate store
- Raccoon
  Description: It's the RaccAttack!
- Reads Elements browser user data, possible credential harvesting
- Loads dropped DLL
- Reads Chrome user data, possible credential harvesting
- Reads Sputnik user data, possible credential harvesting
- Windows security modification
- Checks system information in the registry
  Description: System information is often read in order to detect sandboxing environments.