General
-
Target
windirstat1_1_2_setup.exe
-
Size
630KB
-
Sample
240729-hmlg3s1gqd
-
MD5
3abf1c149873e25d4e266225fbf37cbf
-
SHA1
6fa92dd2ca691c11dfbfc0a239e34369897a7fab
-
SHA256
370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd
-
SHA512
b6d9672a580a02299bc370deb1fd99b5ca10ab86456385870cdae522c185ae51f8d390a7c50fcb5c7898523f52c834bb73515ffc6d0b0bcde210640e815ece9e
-
SSDEEP
12288:yCjeMsiGVBKvjxTNlZaLlcMj+wXZvQpd9nP2+ZMU2tYspZcMwr/GNd35:yCjeTZa7BTsxewXZUTP2HU2yawjY5
Malware Config
Targets
-
-
Target
windirstat1_1_2_setup.exe
-
Size
630KB
-
MD5
3abf1c149873e25d4e266225fbf37cbf
-
SHA1
6fa92dd2ca691c11dfbfc0a239e34369897a7fab
-
SHA256
370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd
-
SHA512
b6d9672a580a02299bc370deb1fd99b5ca10ab86456385870cdae522c185ae51f8d390a7c50fcb5c7898523f52c834bb73515ffc6d0b0bcde210640e815ece9e
-
SSDEEP
12288:yCjeMsiGVBKvjxTNlZaLlcMj+wXZvQpd9nP2+ZMU2tYspZcMwr/GNd35:yCjeTZa7BTsxewXZUTP2HU2yawjY5
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
9b2ad0546fd834c01a3bdcbfbc95da7d
-
SHA1
4f92f5a6b269d969ba3340f1c1978d337992a62c
-
SHA256
7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37
-
SHA512
5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8
-
SSDEEP
192:v6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTKK72dwF7dBdcQOz:v6JaVh4I5rpPbTK+BdhO
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
4125926391466fdbe8a4730f2374b033
-
SHA1
fdd23034ada72d2537939ac6755d7f7c0e9b3f0e
-
SHA256
6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5
-
SHA512
32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008
-
SSDEEP
192:4O6dJA/ruAFEiUdWWE6hE5RYUdJfbub1algMO:RKAFERdlxhGRYUzqZal
Score3/10 -
-
-
Target
$_5_
-
Size
632KB
-
MD5
3f3dd4476249ae664e3365e5bb651601
-
SHA1
752e1687d58de3bef927d9ad24c0ed3da3754e17
-
SHA256
f12d0929055567eee4b5842b7e59c34585a03191447de682dc729ad19aa2314f
-
SHA512
c9d38fa61fac0f48e8c2bc319c87df31f1ee49e8bc383ce348042480e1f0d0c28f198fbfa8cb6dd62f5767ae51ce8e67a7f527213fe1043987add465f1ba97df
-
SSDEEP
12288:5nKnA/rpVTNPjAuufoRqGKRsytFTkzpjSp+Km:InA/zTN7AvfJGAsuTkzu
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
Uninstall.exe
-
Size
46KB
-
MD5
a127e6118b9dd2f9d5a7cc4d697a0105
-
SHA1
9ac17d4dcf0884ceafacf10c42209c0942dfe7a8
-
SHA256
afc864cfce79b2a6add491a27ea672d958233ed7a97a2cbbce60100d2fa1e670
-
SHA512
0e57d2856c02c55d477d9b3cc1d4bf5ffa3650d4b20be18b0a9e614d19143aee325c4cd92ff31bbddf6e93cd3ebeb47d8727de6e25faa366341cc71117122065
-
SSDEEP
768:tnCHBjSfD0RDSjiN+WWrHcRtf55M4z54q+F5871mJMOUlNu0ZBA9U:MHFSfARDSW0HefHbmJZUlNu0bP
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
4125926391466fdbe8a4730f2374b033
-
SHA1
fdd23034ada72d2537939ac6755d7f7c0e9b3f0e
-
SHA256
6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5
-
SHA512
32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008
-
SSDEEP
192:4O6dJA/ruAFEiUdWWE6hE5RYUdJfbub1algMO:RKAFERdlxhGRYUzqZal
Score3/10 -
-
-
Target
shfolder.dll
-
Size
22KB
-
MD5
33c369a535290299ed5e5167cea37fdc
-
SHA1
4ea387cb55cada35de02738dfb324ab830d416f4
-
SHA256
e69da5febb5a2932cbe731e32a5d7f6615bb987a119ef2cedead4555d86144e8
-
SHA512
581f2bf315c90e200fd621477d0192c6b3b4c51575b9d9f8c85114783c4425a7de221898055aa275068e4c6c5fb0458eb13a66b4512cc7499e7cc7843aaf9e78
-
SSDEEP
384:kqXjRYAhfBALfdpju122HoSHigH2euwsHTGHVb+d3HmnH+aHjHqLHxmoqQG0CHuz:kWjRLhZAL7juAL4+
Score3/10 -
-
-
Target
wdsh0407.chm
-
Size
54KB
-
MD5
64aa305e920630d0f813691f4187c496
-
SHA1
4bbc9397c16de7cd9869252632fe038b8f8ad384
-
SHA256
181a23a56b7649d5e1c882786de531fedfb9e80a58c96ad92871f72a626eac14
-
SHA512
fde86a9a5b55756371af0d4bbb7a0b542b9765503657368540a651d153f84359fdb75522331b7672a0c242c107765e5c0ce717f60b18ff8b1bd2ef5aee44351d
-
SSDEEP
1536:EN2/oYDyp7DUWsbIxXXVP2sQoizOut88vS:O2wYDyuWsUxHVP2sQoizJ88q
Score1/10 -
-
-
Target
wdsh040e.chm
-
Size
57KB
-
MD5
bc90b966e06c5c20486815809606c77d
-
SHA1
12d7ba627d77187c1a41b552ab3c6556ba4a4823
-
SHA256
8e54bc2dd576d4bfe241e37305a525d80fd9839ed0de2e34abedf49c7f23f5cf
-
SHA512
26047532e3d6c495dc6a7b0c8d0479018227c189f1c0228ea83a209b5422ac88188c9e9cb7422ec02fc8c9dbc0ac3ce2588a62d8648fde616b9cd61b85a155b9
-
SSDEEP
1536:V6iw3SziWVuxJ16cuZ4GMFtoEOq6YShAvLpAE/Q:IiJ2uux/6cuZVG/6lhOqYQ
Score1/10 -
-
-
Target
wdsh0415.chm
-
Size
55KB
-
MD5
de97a75cfa6d6cbf91ba68c0c90695c1
-
SHA1
5932fd0fadb6ef284605e2410b5045dcc131ac93
-
SHA256
bab7db85927f846a6ac584d5fc3fb522e812fc1e505e333728f85efd16b50238
-
SHA512
7714be7430c309d2b63dfd1e90446925f417ee500b06350f595d43b9c0db121339151ea7e0440922dd6c11534e23572da3d2c9d31dc21c808a8a840ec8e0f172
-
SSDEEP
768:kb69pw0scpr+Mo4OiKvc7DqL1hjzZwAsGHJLg9KM9G/b0/P3eubAHOjDIhR7Iop/:kb6Xw07XXq9umATqMeWAHqvYnFHt
Score1/10 -
-
-
Target
wdsr0405.dll
-
Size
56KB
-
MD5
8eee4f1cde4b0cfd0365456040e05364
-
SHA1
b38200f4a3af27a59ec08fde2c6aaac4727dffbf
-
SHA256
7463df064c98cdb501b2310dcac878f9210a303d50d79431152e3031ae1a224a
-
SHA512
17da577977c6766dc56ee08726ae77f4cbbf83da1037c976d8ca36c7149bee56fd691ab735fc4a12721d86860fddc39ff99bb74aa515de96bd2da0596fbd33ab
-
SSDEEP
768:yOWz6n36MwlqZT5nNAPxIkRXIafTGO6kRfw/WZaKCam:yVSBNoSkRXIafqjkRf4QCam
Score1/10 -
-
-
Target
wdsr0407.dll
-
Size
60KB
-
MD5
619767bb217f6d1754e018926753e89f
-
SHA1
cb731df1d74ceec090cb55fb76e9dfd6e4337400
-
SHA256
7867b69c5deff7f949e58eb3ff1b266e66ad3fd252c52334927114e7c53ce27b
-
SHA512
8bb7c717206a3b86bf4c5d46d0a838373ae557708040656f9c2cb47db5f38165bb9160545d2f6d9200b9ff59160292f88044abd997bcc01e46b40a4dcf58318a
-
SSDEEP
768:QniT9wgpxcn37TFb0FuIa955yo7evokJrOLoZaKCam:QnbgpsLt4uIa95h7evokJr4OCam
Score1/10 -
-
-
Target
wdsr040a.dll
-
Size
60KB
-
MD5
cf69ec4f622ab3efc0d59c94c7861d3c
-
SHA1
8baa748295cb941e1693e4c2a298343fbfc5c048
-
SHA256
75ca96992380e5b8e323310a01c8a68805ad76223197d2bdaecc03817d233dea
-
SHA512
dcc99395fed596e6ef7a959731254093e73fa006a14b0ecbe6f780a9d8236428d9e90024e016d5f1bdbf323e1fe01ffa3727c9d09a8666ef2745dc56462ed6cf
-
SSDEEP
384:jH6u7Vn2KDadkOKDVdS9Ew5eNC1GF8wcgnSLIdOpAv18/pIaqSivHxACkwYcwiZY:HxKQ8wcgnSQOi16IaavWiZaKCam
Score1/10 -
-
-
Target
wdsr040b.dll
-
Size
56KB
-
MD5
4a5a97171af49b09f1c68ba7a9bdae34
-
SHA1
a6ed7e9ed8a4d9b462378571346fba1d40f1c75a
-
SHA256
d7fb9404282ca467e0f3e80734a388885c219269d3e9ee78bb66ee9201803ae4
-
SHA512
51a0f250cbd115f532970a291ef477de89cff786df28ee8729d35f68c8cb0f018a58e9edbaf758ff11172b68952f8fe3b74ff8ca6e8e62a482712126ddd40323
-
SSDEEP
768:ne1K36pwrqnfPAY5IaBNqhN+3ATwZaKCam:ne1oAQY5IaGqXCam
Score1/10 -
-
-
Target
wdsr040c.dll
-
Size
60KB
-
MD5
ed8a32ce3b4edbd63b6ed2b6d5ff5d5a
-
SHA1
ebb687857dff99fecc532e254445a8f3abb89e6c
-
SHA256
acd0c6b92acb5793a94e820c4d418bd6114c97fe2b9788de73879b8bf220a717
-
SHA512
8b3d9a9d0c684c4b1563abf9c65e511e0b42ac0161e9d4ea811fbee2beed05ece24450f4c997294ebb8330f2ead6688041c8ba528889205ec93ffb50fc8671e9
-
SSDEEP
768:uQWoYnbSwuHmnfPhckTBfIamFUseyqTj4e1ZaKCam:uxNHx9lfIa1Cam
Score1/10 -
-
-
Target
wdsr040e.dll
-
Size
60KB
-
MD5
08b9dbd8b49783f4d04f9ed4b1ecefa7
-
SHA1
76852aae0722e20e21e67b2fb27f2ff70d5a1f87
-
SHA256
3bb682f3088fac19c4d53b3766a3793630ea19d2be33cb0f26f7f9e5972dc221
-
SHA512
429201eef6b9c40d3330345ce2765e8038f488d90bcbf2b315d365f370d00ba2be7b245492b42dadbc220ce464f9b64b1985d4f958e4c9d26aacbd8b854b9c0b
-
SSDEEP
1536:jxuBkbqIfOtIa6BJjQ8wDl3Di5c2m5CuCam:NuBKqIfOtIa6BJjQ8wDl3Di5c2m5CJD
Score1/10 -
-
-
Target
wdsr0410.dll
-
Size
60KB
-
MD5
fc6f4868c21cc2b2c58882b3956462c5
-
SHA1
2aceeaa4bd9557880cffa3603cd25c51e9ce5a1c
-
SHA256
e9c30274fcdeaa43acaeba3eac86628107ef60dbea723ececa97008b80f40fba
-
SHA512
34990a37f943a3953cc638ba56cd6251f2609eb3b5befa11c888b1d1902ae3724b6e8141706caa616b63245ce9dd75fa3ff2bb63d6e2f53a496692e280647ffe
-
SSDEEP
768:sHqiKwZ/nujjVfHZEIaGgDqBlDZaKCam:sH7du3tHZEIaGgGCam
Score1/10 -
-
-
Target
wdsr0413.dll
-
Size
60KB
-
MD5
7d7e18f5cdeb3502e9e7aefb49b2aec2
-
SHA1
e5e3f4ca6105546e0ed3d057680fca9c07317ab4
-
SHA256
b76f0d27ee66d4bdeb0b12ca7ef8773a563d57a0167ecf151c74837209a86e0c
-
SHA512
b19a2f273ded1596b9684c50d6261631256ca6666160beabf4abb607845a9d0e743cb98906ab80f99d595c92c80ffccdd7397922bc084e05d91d38879836734b
-
SSDEEP
1536:4107oYuDSkKxxNpIaetXYaSAN/sPXNCam:tcYup6xNpIaetoaSANEPXQD
Score1/10 -
-
-
Target
wdsr0415.dll
-
Size
60KB
-
MD5
b42cd5ebbc8170865a6d1375044aaaac
-
SHA1
95ede895c956e97b9be0295066cc671e3e69be06
-
SHA256
f47cdc2d1ff1c77e3f4e008862d2cf632dc3db5145fa6d2886a0d066c0811eb9
-
SHA512
33a4910e17a64446cdfc95145c0a347e4d541f9d88c082eedaf672f4e1cf208ab43ce267d9cf9733d49c4373610e9ac84a4cc96ce71be742868d04bc9d8fdce3
-
SSDEEP
768:903q1wAPnLAdtO45vIaQnvvdBqqJZaKCam:90rstovIaQnb7Cam
Score1/10 -
-
-
Target
wdsr0419.dll
-
Size
60KB
-
MD5
4b8486682deabddcffbb4bea3e38c4ff
-
SHA1
bc006cf4eb5e5f39be1d824de9eb17de433506c2
-
SHA256
43b0d07767c8fb8aadcaa976bec7f748bbc2591085feb500eb1a453ccd4b982f
-
SHA512
14a6cbfe32854ea263f02fa8494ab5499acae0ffa32b77dec24bfc9f96e91a8772297a2e538f3504f81e9ac6336b9b66c075b76e16207d08e25126e9d7260d8e
-
SSDEEP
1536:l/sdmd9Kzcv2Nm/UWrsIan9f9PTmCCam:dsdmdIzcv2Nm/UWrsIan9f97mlD
Score1/10 -
-
-
Target
wdsr0425.dll
-
Size
56KB
-
MD5
d8e5d81fdaa2524ecf7d1233e2f7b4af
-
SHA1
d40835cc04730d6fd510fe2ab7bdbfa8cb20c31f
-
SHA256
7ff8234e53b3c7328b179fd6a7223eebea8f73802afaf7fb06ee9ca2b279b8e7
-
SHA512
c0e1c81bbae262c4596017123d8bc9a66e31a213ef9f3aeb5594a22d087d8ff1dcd0d8f4fcce114c69ccff499f850b9f4938218762e44a3ba99626092d7b3d70
-
SSDEEP
384:aHfvvS1TOKDadkOKDVdS9Ew5eNC1Gb4XRwnZsiEApsxyIG/pIaqSeUnzphxj/t3M:oqY+SRwnZsjA+4IwIaPfrdzZaKCam
Score1/10 -
-
-
Target
windirstat.chm
-
Size
50KB
-
MD5
1bddb8a0e0f9cd90a5b3936ec2c2c4cf
-
SHA1
c8302168fb532fe03e76cb8a82aa53b49ee0bc44
-
SHA256
1e87c07744054709d271337d8ce06929429b334d70875605cb68ecc4c6610cd1
-
SHA512
b857de9026b3eab13f4dbc464e6403835e3a61e5e9e3566735bf1ddd8dedc4ecf08807b27207bd8b385250b71ea234b301dd49e6f3c90f1270ae03868c035472
-
SSDEEP
768:bGA4nw8h2r+N1m0WUrKI/vjf6NDxFfC/0L7qM+ZE+ox4nnW99vpuhzK10gim:bGAT62r+N1uUll/YQZFy4nQ/uxK1Gm
Score1/10 -
-
-
Target
windirstat.exe
-
Size
636KB
-
MD5
24cd9a82fcfc658dd3ae7ba25c958ffb
-
SHA1
26e14a532e1e050eb20755a0b7a5fea99dd80588
-
SHA256
cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c
-
SHA512
4de675be1f7d618d133ef24765a027840473e0c5bc93550d5e5fdbf078edc74c2241e6e3cd8753517e2954c7f09b9909028de7b727294d723fb5700658c7979d
-
SSDEEP
12288:o5UnhjOmG0fJO6egoEQFauJsfmhR5ju0phsQkPaUynbiljjQt6pgw/HuADm:qUnxUjJVhRZdpmQkYyjjQtSgK
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1