General
-
Target
01a9f9baa64695cffce1206d71f6e0360de41ddbddbad129c2a405bd5c6653ec
-
Size
2.0MB
-
Sample
231013-a8gr1sgf2x
-
MD5
f414f6563f0ebfd5e3315e7f38d34b2f
-
SHA1
8c3cb57658e66bce0e34e43260b905523a45e4f9
-
SHA256
01a9f9baa64695cffce1206d71f6e0360de41ddbddbad129c2a405bd5c6653ec
-
SHA512
e012bacb67161b93010c1d54f25a34ef3f81cf8cf6f8cbf396d05fca6755a51f480939507691a0ca0679c41af1d45b3be50e9fb26b234d8cb7103b5e62fbb7bc
-
SSDEEP
49152:2CPqNEpLpxnSsnHrcXy2m+8n9NRvSgtNE:NqNyPSsH
Malware Config
Targets
-
-
Target
01a9f9baa64695cffce1206d71f6e0360de41ddbddbad129c2a405bd5c6653ec
-
Size
2.0MB
-
MD5
f414f6563f0ebfd5e3315e7f38d34b2f
-
SHA1
8c3cb57658e66bce0e34e43260b905523a45e4f9
-
SHA256
01a9f9baa64695cffce1206d71f6e0360de41ddbddbad129c2a405bd5c6653ec
-
SHA512
e012bacb67161b93010c1d54f25a34ef3f81cf8cf6f8cbf396d05fca6755a51f480939507691a0ca0679c41af1d45b3be50e9fb26b234d8cb7103b5e62fbb7bc
-
SSDEEP
49152:2CPqNEpLpxnSsnHrcXy2m+8n9NRvSgtNE:NqNyPSsH
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1