General
Target: c.exe
Size: 32.8MB
Sample: 240903-xyz7yawaqf
MD5: 2fe2371be39d349de88d8916bf201f24
SHA1: fd7d32aea5cde87bc83bc6bd4efe9c1ccf12ca47
SHA256: 7d29a19644fd406db1cff837682c7baaaf43ef8a0a6b8758c195b8e180bda35c
SHA512: cc331f345a58d694c1ef6ea8f275c3db9b2e2bfc677e497ad22ee3473cea383f802cc15e4d2ada489f631cdb10cca490680c7d30cdc0cf733441d925b278e7f4
SSDEEP: 786432:H9AOQND7vDBDJbTiumfSy1ESWqEp+0/pW/oyt4x:dAOQt7vpxTivfSyWqrSaoS4x
Static task: static1
Behavioral task: behavioral1 (Sample: c.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: c.exe, Resource: win10v2004-20240802-en)
Malware Config
Targets
Target: c.exe (32.8MB; hashes as listed under General)
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copying of, the web browser credential store.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (3)
  - Credentials In Files (3)