General
-
Target
idman641build18.exe
-
Size
10.8MB
-
Sample
230815-2xl15sdg95
-
MD5
5d879a5808045ff7a8d2ba11ebf52a4c
-
SHA1
bfcfe178591d53010a53b79bb1b802e6264fa23d
-
SHA256
ac7a55f2a9dad5c36d398da20ee3a6b6d3630046faa69b723db4a5d9e41e32fa
-
SHA512
9f11d7588b428c37bdd55ed14f562d4d8f15bc6a052a2cf83f8b1bd9503d515117dbb16a2e4608805a72e2706f0fffc170c2741e972a94461405dffa4b7adbdb
-
SSDEEP
196608:YAE5pIi0H7s+9noNJeprW3N3ENyUmsGSSwprl/fvN6DYZp5PPyQuD2pe0B2D:YZZSiII3EYNsGSS4ll6MZrHuKpV2D
Malware Config
Targets
-
-
Target
idman641build18.exe
-
Size
10.8MB
-
MD5
5d879a5808045ff7a8d2ba11ebf52a4c
-
SHA1
bfcfe178591d53010a53b79bb1b802e6264fa23d
-
SHA256
ac7a55f2a9dad5c36d398da20ee3a6b6d3630046faa69b723db4a5d9e41e32fa
-
SHA512
9f11d7588b428c37bdd55ed14f562d4d8f15bc6a052a2cf83f8b1bd9503d515117dbb16a2e4608805a72e2706f0fffc170c2741e972a94461405dffa4b7adbdb
-
SSDEEP
196608:YAE5pIi0H7s+9noNJeprW3N3ENyUmsGSSwprl/fvN6DYZp5PPyQuD2pe0B2D:YZZSiII3EYNsGSS4ll6MZrHuKpV2D
Score8/10-
Drops file in Drivers directory
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2