General
Target: fedlogger_exe_18319631723.zip
Size: 55KB
Sample: 240801-zb7plswcnq
MD5: 5768fe2b9cff58519c707e7b8f110e4b
SHA1: 0b3ca234333c7d12ef5ff0ae33db8457ce1ea303
SHA256: e078da53644f1f448c09e73cd85998c11ed826608581e4feb4dff9c773182b53
SHA512: cea42b9881013e90819d33ee99f208bc7b2574049e3849bde52587bff1d34ad43d714479d50f18f8f4fe36f849404564926efcd3a9322f4da552b023aa292d2e
SSDEEP: 768:Gypp5KGZVuaAVXfKomYw4bW76I7hldHCxIMkhDsAbJoAe3ixgKWwCjm6elgPahId:G6KEA1eY1CmIdHQIMk4rrpm6Uu6Na
Static task: static1
Behavioral task: behavioral1
  Sample: c9128517cfebac85d83b5a3c4e6aa7c4e0628f3301abbed20cc292c1f9dfca50.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: c9128517cfebac85d83b5a3c4e6aa7c4e0628f3301abbed20cc292c1f9dfca50.exe
  Resource: win10v2004-20240730-en
Malware Config
Targets
Target: c9128517cfebac85d83b5a3c4e6aa7c4e0628f3301abbed20cc292c1f9dfca50
Size: 94KB
MD5: 46db5f5f7bb3e0722d6243b8ec51ccf1
SHA1: bf906d34c8cf47d22241041415fce2278fd24f18
SHA256: c9128517cfebac85d83b5a3c4e6aa7c4e0628f3301abbed20cc292c1f9dfca50
SHA512: 1f677c3737338af12a3814ef7d7a5d9b56b1998504268effd3f6b6f3758091269e09eec4d23309f8033be920f4f4294a64de5ee3f4239529e77687c505052e7d
SSDEEP: 1536:z7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfEwOqZwmRcOQ:v7DhdC6kzWypvaQ0FxyNTBfERe0
Signatures:
  Modifies firewall policy service
  Credentials from Password Stores: Credentials from Web Browsers - Malicious access or copy of web browser credential store.
  Grants admin privileges - Uses net.exe to modify the user's privileges.
  Disables RegEdit via registry modification
  Disables Task Manager via registry modification
  Drops file in Drivers directory
  Modifies Windows Firewall
  Credentials from Password Stores: Windows Credential Manager - Suspicious access to Credentials History.
  Adds Run key to start application
MITRE ATT&CK Enterprise v15 (number in parentheses is the count of matching signatures)
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
  System Services (1)
    Service Execution (1)
Persistence
  Account Manipulation (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (3)
    Windows Service (3)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Account Manipulation (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (3)
    Windows Service (3)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Impair Defenses (3)
    Disable or Modify System Firewall (2)
    Disable or Modify Tools (1)
  Modify Registry (4)
Credential Access
  Credentials from Password Stores (2)
    Credentials from Web Browsers (1)
    Windows Credential Manager (1)
  Unsecured Credentials (1)
    Credentials In Files (1)
Discovery
  Browser Information Discovery (1)
  Permission Groups Discovery (1)
    Local Groups (1)
  Query Registry (1)
  Remote System Discovery (1)
  System Location Discovery (1)
    System Language Discovery (1)
  System Network Configuration Discovery (1)
    Internet Connection Discovery (1)