General

Target: 01945f8973c0f2ecccf5adbbb8680cf1b359c1f55158597953254ca0d39e98e5
Size: 76KB
Sample: 240726-wt3ltsyhla
MD5: a5e304adfddfc62a9de7aaaa94e96812
SHA1: 18e1d5d16d3882917d151a43c437af87cce9c58b
SHA256: 01945f8973c0f2ecccf5adbbb8680cf1b359c1f55158597953254ca0d39e98e5
SHA512: 76ebd68318519805c205480c07d8fa03ab767f8f54acdb70f0434b76ad744fa1736e43d62c2758536c510cf508b6bbea7d217a5167594b98b67c9c704a5ca492
SSDEEP: 768:W7Blp+pARFbhtlmlQ3y3RWvf+wi1x9f+wi1xBTCcX8vgCcX8vSd5hdx8M8YA7B7S:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5gYv
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 01945f8973c0f2ecccf5adbbb8680cf1b359c1f55158597953254ca0d39e98e5.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 01945f8973c0f2ecccf5adbbb8680cf1b359c1f55158597953254ca0d39e98e5.exe
  Resource: win10v2004-20240709-en
Malware Config

Targets

Target: 01945f8973c0f2ecccf5adbbb8680cf1b359c1f55158597953254ca0d39e98e5
Size: 76KB
MD5: a5e304adfddfc62a9de7aaaa94e96812
SHA1: 18e1d5d16d3882917d151a43c437af87cce9c58b
SHA256: 01945f8973c0f2ecccf5adbbb8680cf1b359c1f55158597953254ca0d39e98e5
SHA512: 76ebd68318519805c205480c07d8fa03ab767f8f54acdb70f0434b76ad744fa1736e43d62c2758536c510cf508b6bbea7d217a5167594b98b67c9c704a5ca492
SSDEEP: 768:W7Blp+pARFbhtlmlQ3y3RWvf+wi1x9f+wi1xBTCcX8vgCcX8vSd5hdx8M8YA7B7S:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5gYv
Signatures

Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
Renames multiple (16798) files with added filename extension
  This suggests ransomware activity, encrypting all the files on the system.
Drops file in Drivers directory
Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
Drops startup file
Executes dropped EXE
Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Credential Access
  Credentials from Password Stores (2)
    Credentials from Web Browsers (1)
    Windows Credential Manager (1)
  Unsecured Credentials (1)
    Credentials In Files (1)