General

  • Target

    UDO_Device_Enrolment.exe

  • Size

    203KB

  • Sample

    220925-w4babsfga6

  • MD5

    33d42728d32ae2eae31e4e1666b9b41c

  • SHA1

    8eb8f3dd4394d95cbe0294903f11df25966e483a

  • SHA256

    125fabbc234e4aef84704adad60213c510611aa5ee1a86fc238d6497df121e21

  • SHA512

    9548f6328c27b0616ab4a44fa05735189ec14eb5bf302616877faa3a8c2473a378266ffd2435c7f578f99776ec4d1d6e3d82ac71df70bdf18161f6062360c27a

  • SSDEEP

    768:h4KUggNBTPsmV5II2Q0oXbOfq1mkmjJKQfsPE2d1NL3gkGMsG:h4KUggTTPRiQLbOamUPRvR3zG

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp-mail.outlook.com
  • Port:
    587
  • Username:
    udoderbymain@outlook.com
  • Password:
    Derbyuni2021

Targets

    • Target

      UDO_Device_Enrolment.exe

    • Size

      203KB

    • MD5

      33d42728d32ae2eae31e4e1666b9b41c

    • SHA1

      8eb8f3dd4394d95cbe0294903f11df25966e483a

    • SHA256

      125fabbc234e4aef84704adad60213c510611aa5ee1a86fc238d6497df121e21

    • SHA512

      9548f6328c27b0616ab4a44fa05735189ec14eb5bf302616877faa3a8c2473a378266ffd2435c7f578f99776ec4d1d6e3d82ac71df70bdf18161f6062360c27a

    • SSDEEP

      768:h4KUggNBTPsmV5II2Q0oXbOfq1mkmjJKQfsPE2d1NL3gkGMsG:h4KUggTTPRiQLbOamUPRvR3zG

    Score
    10/10
    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Tasks