General
-
Target
716ae53730390aa4b81986a53d48cc9d7543f1df3572abdff9833b86169f02c7.exe
-
Size
278KB
-
Sample
240819-b1jr3sxbnc
-
MD5
16e69734e7e9c9f9ecdee22bc5eb2c69
-
SHA1
ea3e0a13b3aa04354cf1588f54034f8801efcd0d
-
SHA256
716ae53730390aa4b81986a53d48cc9d7543f1df3572abdff9833b86169f02c7
-
SHA512
53d1d0f11537a9340fe5dce6f5b01d7cfeb175960503149eb1a612e7a6524b45d48ea545229ea7cd3fd1dcea551e68cc10591c90a9daf0fb205d6cae9d40fff6
-
SSDEEP
6144:rnv6UOOoc1Yyk4e3JYuBkajOiSCI7qx3JHo0JYFmKaDb/daEZ:rvrmc1oZ+iTsqxpcFmKGb/daEZ
Malware Config
Targets
-
-
Target
716ae53730390aa4b81986a53d48cc9d7543f1df3572abdff9833b86169f02c7.exe
-
Size
278KB
-
MD5
16e69734e7e9c9f9ecdee22bc5eb2c69
-
SHA1
ea3e0a13b3aa04354cf1588f54034f8801efcd0d
-
SHA256
716ae53730390aa4b81986a53d48cc9d7543f1df3572abdff9833b86169f02c7
-
SHA512
53d1d0f11537a9340fe5dce6f5b01d7cfeb175960503149eb1a612e7a6524b45d48ea545229ea7cd3fd1dcea551e68cc10591c90a9daf0fb205d6cae9d40fff6
-
SSDEEP
6144:rnv6UOOoc1Yyk4e3JYuBkajOiSCI7qx3JHo0JYFmKaDb/daEZ:rvrmc1oZ+iTsqxpcFmKGb/daEZ
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
2Credentials in Registry
1