General
-
Target
1a132581e8a034b99aeee19ff13b4540N
-
Size
355KB
-
Sample
240907-vyq8xsxekd
-
MD5
1a132581e8a034b99aeee19ff13b4540
-
SHA1
a881604711bc01c6789f60d5636c4844d04638b3
-
SHA256
9b1766ca450018048eb6de8cab5162bcf23a19663098eb22bbd9a0f8af189a12
-
SHA512
2bd1043acd22cefe0af24b694fc89c1babc8576590b36856dcad354b0b940dd56c6579667c5a314b48c625d095d8ee21ed5746ed0920c58c6680fae0a86d4feb
-
SSDEEP
6144:pBh8i+44xfcDYmATR0ft6yF6/C+4auMEg6v52HDMsuvzbTZKtWV0w9gq:Th8i8cDrIc/Kj4auMAS5eTZK
Malware Config
Targets
-
-
Target
1a132581e8a034b99aeee19ff13b4540N
-
Size
355KB
-
MD5
1a132581e8a034b99aeee19ff13b4540
-
SHA1
a881604711bc01c6789f60d5636c4844d04638b3
-
SHA256
9b1766ca450018048eb6de8cab5162bcf23a19663098eb22bbd9a0f8af189a12
-
SHA512
2bd1043acd22cefe0af24b694fc89c1babc8576590b36856dcad354b0b940dd56c6579667c5a314b48c625d095d8ee21ed5746ed0920c58c6680fae0a86d4feb
-
SSDEEP
6144:pBh8i+44xfcDYmATR0ft6yF6/C+4auMEg6v52HDMsuvzbTZKtWV0w9gq:Th8i8cDrIc/Kj4auMAS5eTZK
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
2Credentials in Registry
1