General
-
Target
BlackStriker.exe
-
Size
349KB
-
Sample
240825-xlrp2a1cpl
-
MD5
0595f3d2d60132f3ddb11e481766156f
-
SHA1
8216707cd96bf5a8b59af994baff7dffb7eac799
-
SHA256
a70817855f879ba69072d48ef93ac9b8116ef6e4340eff4ba09d85c344a52e75
-
SHA512
a7dfe0f01e46e817cfbad7176381b9ac30dda7b85365b16a6ec1ee0a6f2c04334ef2db72d454a73b6329aa46e2425f32b62dfe0044d55462b5781324290cdf77
-
SSDEEP
6144:esvVrDlc/hizFybqLYuiFr0wIA447IgJxbtPfKvFI8N:F5lOcUMTbEnNiD
Malware Config
Targets
-
-
Target
BlackStriker.exe
-
Size
349KB
-
MD5
0595f3d2d60132f3ddb11e481766156f
-
SHA1
8216707cd96bf5a8b59af994baff7dffb7eac799
-
SHA256
a70817855f879ba69072d48ef93ac9b8116ef6e4340eff4ba09d85c344a52e75
-
SHA512
a7dfe0f01e46e817cfbad7176381b9ac30dda7b85365b16a6ec1ee0a6f2c04334ef2db72d454a73b6329aa46e2425f32b62dfe0044d55462b5781324290cdf77
-
SSDEEP
6144:esvVrDlc/hizFybqLYuiFr0wIA447IgJxbtPfKvFI8N:F5lOcUMTbEnNiD
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1