Resubmissions
08/09/2024, 05:25
240908-f4byvsygqn 9General
-
Target
https://cdn.discordapp.com/attachments/1274222382973980684/1282052905850900660/UNBANFIVEM.rar?ex=66ddf450&is=66dca2d0&hm=83d7d3a549f45133f6032d8d6f819b9dd8a874e6d9afef3929e69472c73a603c&
-
Sample
240908-f4byvsygqn
Score
9/10
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1274222382973980684/1282052905850900660/UNBANFIVEM.rar?ex=66ddf450&is=66dca2d0&hm=83d7d3a549f45133f6032d8d6f819b9dd8a874e6d9afef3929e69472c73a603c&
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-