General
-
Target
MalwareBazaar.8
-
Size
3.3MB
-
Sample
240802-rexptasbja
-
MD5
9dda9150fe6f164bdceea0e100775c9e
-
SHA1
2e36cd011e0bffc34834084ddeaa565409eb1a27
-
SHA256
a1c87e4bf854975c38a1f40207df6b4d847d880aca5e69ab8d35405f6d3a1999
-
SHA512
474ba30bcfc557cf4503d6a2d55125a448ddf24bd3c8a633f8b9499ff10d131d573cf6cd72780b35b9424befb98263acffca6f228851817a61f43e46b476f0a3
-
SSDEEP
24576:6DVIMTXcyGcVvpCTdV6FJ4kel43fEoH7ViVCmB1dpJCBonSeYj8MS9uU8wzfiln:
Malware Config
Targets
-
-
Target
MalwareBazaar.8
-
Size
3.3MB
-
MD5
9dda9150fe6f164bdceea0e100775c9e
-
SHA1
2e36cd011e0bffc34834084ddeaa565409eb1a27
-
SHA256
a1c87e4bf854975c38a1f40207df6b4d847d880aca5e69ab8d35405f6d3a1999
-
SHA512
474ba30bcfc557cf4503d6a2d55125a448ddf24bd3c8a633f8b9499ff10d131d573cf6cd72780b35b9424befb98263acffca6f228851817a61f43e46b476f0a3
-
SSDEEP
24576:6DVIMTXcyGcVvpCTdV6FJ4kel43fEoH7ViVCmB1dpJCBonSeYj8MS9uU8wzfiln:
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1