General
Target: codex.exe
Size: 72.1MB
Sample: 240726-zjapvatdmp
MD5: 243d1cd4cc0d8a71c0b0464fc1c61e04
SHA1: 972ad74ffb5297a7ba17ff1feba001b3b85a1264
SHA256: 47101feef3d93e6a4b744126ab1ca10f83a85464f102ec7e95f2f70fd602791e
SHA512: 463117bab1351d92c5616fb77fe9745f067a2a62eb184cf0704ab69537b2461e5c3dc9ae187345c192d4c9227cb973283eedc8cbb4c2549cb7b8bc29feb5f16a
SSDEEP: 1572864:XQEzy1V4wDmysdhBNrkiKuXDXzUQApbo77R7Pu5W7rS20DHQRAUiIf/m7:gEqVzWdhHQiKizUQpR7N7eHDH4iIf/m7
Static task: static1
Behavioral task: behavioral1
  Sample: codex.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: codex.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Target: codex.exe
Size: 72.1MB
MD5: 243d1cd4cc0d8a71c0b0464fc1c61e04
SHA1: 972ad74ffb5297a7ba17ff1feba001b3b85a1264
SHA256: 47101feef3d93e6a4b744126ab1ca10f83a85464f102ec7e95f2f70fd602791e
SHA512: 463117bab1351d92c5616fb77fe9745f067a2a62eb184cf0704ab69537b2461e5c3dc9ae187345c192d4c9227cb973283eedc8cbb4c2549cb7b8bc29feb5f16a
SSDEEP: 1572864:XQEzy1V4wDmysdhBNrkiKuXDXzUQApbo77R7Pu5W7rS20DHQRAUiIf/m7:gEqVzWdhHQiKizUQpR7N7eHDH4iIf/m7
Score: 9/10
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access or copy of web browser credential store.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- An obfuscated cmd.exe command-line is typically used to evade detection.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)