General
Target: W1nner client.exe
Size: 2.3MB
Sample: 240819-t3x2lavclf
MD5: 853b03119efff15876c044f4b80211e9
SHA1: 42a5105612ae43ff75f1760ba68dc5d186228a51
SHA256: 9b9f66ca71a3111fbe4c0a8edaf82592c0c2448c2e5585ff380a92dfab0bdf8e
SHA512: 3fe93ffe4bf2ca0c27ed0130ae68371ce84557e610a95fbe2018d3781ddfd889263745693a5c776e45762c668c0c61d813a85c3852826c93650c55d70682938c
SSDEEP: 49152:IBJdUyxWtYnbPflu1wrwcpXR/aErlLrR0zGAoC2lWq:yjxiYnbPNGWdyy3Aol
Static task: static1
Behavioral task behavioral1: sample W1nner client.exe, resource win10-20240404-en
Behavioral task behavioral2: sample W1nner client.exe, resource win7-20240705-en
Behavioral task behavioral3: sample W1nner client.exe, resource win10v2004-20240802-en
Behavioral task behavioral4: sample W1nner client.exe, resource win11-20240802-en
Malware Config
Targets
Score: 9/10
Signatures:
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copy of, the web browser credential store.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1): Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)