General
-
Target
f4b1375ac6cbdb10a0c7b39c4a5165eda8233e4eb858a3b79b14053f701f4aed
-
Size
324KB
-
Sample
240417-rltxhach8z
-
MD5
e7db646d655d9eb97963a64e3bd4a9d4
-
SHA1
db036e89dfaa02a0d37ae5fdb58a87d99fed2f03
-
SHA256
f4b1375ac6cbdb10a0c7b39c4a5165eda8233e4eb858a3b79b14053f701f4aed
-
SHA512
c7cf92fe8a963a32a18c882ce0f59d8ad036f3c77b9afecf8e278a260e88f8dc3e32b839f198acaffd11b629828a1ea523a39ec5d6cb515e0fd8e609a00d58a8
-
SSDEEP
6144:daj53AFLvwgErrjWMfMjDDr7Ffo1uF1QyRuFI3F1MEqPWsQm0bkGSsv13z1pKQUR:daj5HgErfWMUzlMuzZuFkIEqPWswkGz2
Malware Config
Targets
-
-
Target
4c0153b979e65346c1d6f863086082ec5ef103cbf6b0f5e8652d61da678a8ca5.exe
-
Size
390KB
-
MD5
8c64181ff0dc12c87e443aae94bf6650
-
SHA1
e91d7ebd17912785caa3e71ef1571dc01b1cd854
-
SHA256
4c0153b979e65346c1d6f863086082ec5ef103cbf6b0f5e8652d61da678a8ca5
-
SHA512
4854565b054297dffc13b659a53059ee8731dca02f3027501254551cb4af20b68fb121d03e528151cf910238b49bf00a3827e74e4bb68faf85ebc50d02ad5c17
-
SSDEEP
12288:ef/X4NTn/xVkNG+w+9OqFoK323qdQYKU3:EXATn/xVkNg+95vdQa
Score10/10-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
mimikatz is an open source tool to dump credentials on Windows
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-