General
-
Target
desktop.ini.tmp
-
Size
167KB
-
Sample
240806-vw81ysydrg
-
MD5
368305b4e8cecadd85663de1ce71cd9a
-
SHA1
0af726317f9a708821e6d179488fd6b19c1b7296
-
SHA256
09de95e4402c8e35e3d5751e704c6b8d8ef3d9c6337c2cd8fb1ea5334510ac4e
-
SHA512
3d0b385b3150c82de6e2794c6e6a05334a9d1b8dae62fcf980f36d78f695dd9e37d05218afc05a57bfd8afdb34e9368353f8bcdaff397cb131e99b4b3f8ae403
-
SSDEEP
3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lB95G:RqKB+tOkWKR0iJ0B5G
Malware Config
Targets
-
-
Target
desktop.ini.tmp
-
Size
167KB
-
MD5
368305b4e8cecadd85663de1ce71cd9a
-
SHA1
0af726317f9a708821e6d179488fd6b19c1b7296
-
SHA256
09de95e4402c8e35e3d5751e704c6b8d8ef3d9c6337c2cd8fb1ea5334510ac4e
-
SHA512
3d0b385b3150c82de6e2794c6e6a05334a9d1b8dae62fcf980f36d78f695dd9e37d05218afc05a57bfd8afdb34e9368353f8bcdaff397cb131e99b4b3f8ae403
-
SSDEEP
3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lB95G:RqKB+tOkWKR0iJ0B5G
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Renames multiple (12207) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1