General
-
Target
SecuriteInfo.com.Win32.MalwareX-gen.308.19674.exe
-
Size
1.3MB
-
Sample
240820-jbs88atekj
-
MD5
e14d1830648e452e1e50f41c40d063ff
-
SHA1
4dbde747d408249b268153a770088619548fd8b9
-
SHA256
878f318722d59f4bf5e617bf4daef2f12f539170f16d5b263d816a03b9d5107c
-
SHA512
f59381d571f596b169e8ee2bfc07e492dbbe963c633ca5127c32bdabe0b33051dd6e3e8d5b85f136d025251aa5f0e11010101f1c48ec4090b20136fbb6472f81
-
SSDEEP
24576:u9wC/qaSuGyhkCDTQ6wwmmg+xQmjsHYk19kJzFN6t04JxmaODf:FiUuHCCZwbj3zYk19klFNCPRODf
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win32.MalwareX-gen.308.19674.exe
-
Size
1.3MB
-
MD5
e14d1830648e452e1e50f41c40d063ff
-
SHA1
4dbde747d408249b268153a770088619548fd8b9
-
SHA256
878f318722d59f4bf5e617bf4daef2f12f539170f16d5b263d816a03b9d5107c
-
SHA512
f59381d571f596b169e8ee2bfc07e492dbbe963c633ca5127c32bdabe0b33051dd6e3e8d5b85f136d025251aa5f0e11010101f1c48ec4090b20136fbb6472f81
-
SSDEEP
24576:u9wC/qaSuGyhkCDTQ6wwmmg+xQmjsHYk19kJzFN6t04JxmaODf:FiUuHCCZwbj3zYk19klFNCPRODf
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1