General
-
Target
ff4188dc02e8d3dabea5b613c00d34cb.exe
-
Size
3.2MB
-
Sample
240805-t64csawbnh
-
MD5
ff4188dc02e8d3dabea5b613c00d34cb
-
SHA1
1bd4ef476c54795c28cb3acbaa44b2fbc4abc9ee
-
SHA256
ea0c1b448dfd94060600f75faab6f2bb929269cf1a6498859cff129353e5d7da
-
SHA512
14f0940053c2d0218e2ba325b585e20a5252ad57b29630a57607d4f70d390227148aa0bc366e4d57afc3cd7785d2e0ea9b7f9a96732a9699c346c9c3e39cc45a
-
SSDEEP
49152:Fy6VlEbmYQ2gLOkmL35nZfmcb0Z7NANyu1DyTj9yMQoPwdCqp6aIrM1SI2ChbMTt:d5Okc35nlQN8y/JyQPHqp6Ribb2
Malware Config
Targets
-
-
Target
ff4188dc02e8d3dabea5b613c00d34cb.exe
-
Size
3.2MB
-
MD5
ff4188dc02e8d3dabea5b613c00d34cb
-
SHA1
1bd4ef476c54795c28cb3acbaa44b2fbc4abc9ee
-
SHA256
ea0c1b448dfd94060600f75faab6f2bb929269cf1a6498859cff129353e5d7da
-
SHA512
14f0940053c2d0218e2ba325b585e20a5252ad57b29630a57607d4f70d390227148aa0bc366e4d57afc3cd7785d2e0ea9b7f9a96732a9699c346c9c3e39cc45a
-
SSDEEP
49152:Fy6VlEbmYQ2gLOkmL35nZfmcb0Z7NANyu1DyTj9yMQoPwdCqp6aIrM1SI2ChbMTt:d5Okc35nlQN8y/JyQPHqp6Ribb2
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1