General
Target: Setup_IDMFULL.zip
Size: 1.2MB
Sample: 240913-hqgcjazelr
MD5: 294ac3b8b518ff5c4bb8d52dd8dd3ea2
SHA1: fd485a4419b5649b53876429c9debc707de96816
SHA256: 5f5c50fcc094a47683fe8eaf4d702148f9edfd6b941d49323239c3381590d254
SHA512: 8b507cca905afd20d5ebcadb539d255f04b0afc29909dd9c0ba3ac93c54f17caddb9af3e688ab8b57219fc616a74baf32a5eec61b3f4a7ec1eee1c302840403d
SSDEEP: 24576:OwEvsW3QoTKN/N9tNhVbGi29xqZhF0HGiwKLvTzOqV2D5EX:9OpMDbL4MZ7iwfJ5c
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Setup.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: Setup.exe
Size: 3.1MB
MD5: bfcaf842e8364b0ed3c49f12ae8a3b7d
SHA1: 634a62bc50e022389fed5c067a5c427d294386ec
SHA256: 926f900e45e94f6c8500b5265fe89b3fd6dd3347fe158583bbaa2abda3c12b27
SHA512: 8ee330cce65945461a6699478c31ae8883cc0b055551f838ddc2633dcb53b96dac8a60e5a1eead783ea7c43db54a50041874df7b50258a56c699114223ed1cc1
SSDEEP: 49152:ytTD3Ka0tK8T2J5e0EadrDFaRgDme0f17yQjkYPTnh1BDqE+J8iQwWdA+S+om/mz:/0EYrWFeCj+J8iPOzu
Score: 9/10
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Executes dropped EXE
  Runs an executable that the sample itself wrote to disk.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate public IP lookup service to find the infected system's external IP address.
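As an added illustration (not part of this sandbox report and not the sandbox's own signature engine), the following Python shows how the five behaviours flagged above can be matched against a process event stream. The event records, the dropped-file name `stub.exe`, the pid values and the list of IP-lookup hosts are constructed assumptions for the example; real telemetry (Sysmon, EDR, audit logs) needs a field mapping onto these record shapes first.

```python
"""Toy matcher for the behaviours this report flags (added illustration, not the
sandbox's own rules). Events are constructed and simplified: each record has the
acting 'pid' and 'image', plus one of 'file' (+'op'), 'reg_key', 'child' or 'dest_host'."""
import re
from collections import defaultdict

SETUP = r"C:\Users\user\Desktop\Setup.exe"
STUB = r"C:\Users\user\AppData\Local\Temp\stub.exe"  # hypothetical dropped payload name

EVENTS = [  # constructed sample stream
    {"pid": 4120, "image": SETUP, "file": STUB, "op": "create"},
    {"pid": 4120, "image": SETUP, "child": STUB},
    {"pid": 4188, "image": STUB,
     "reg_key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4188, "image": STUB,
     "reg_key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 4188, "image": STUB, "op": "read",
     "file": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4188, "image": STUB, "op": "read", "file": "D:\\"},
    {"pid": 4188, "image": STUB, "op": "read", "file": "E:\\"},
    {"pid": 4188, "image": STUB, "dest_host": "api.ipify.org"},
    # benign noise: Explorer reads a single Uninstall entry
    {"pid": 1320, "image": r"C:\Windows\explorer.exe",
     "reg_key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
]

UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Chromium 'Login Data' and Firefox 'logins.json'/'key4.db' hold saved credentials.
CRED_STORE = re.compile(r"\\(Login Data|logins\.json|key4\.db)$", re.I)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.I)
# Example public IP-lookup services (assumed list; extend from your own proxy logs).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "ifconfig.me", "checkip.amazonaws.com", "ip-api.com"}


def triage(events):
    """Map each pid to the sorted list of behaviour names it triggered."""
    hits = defaultdict(set)
    uninstall_keys = defaultdict(set)   # pid -> distinct Uninstall entries read
    created_files = defaultdict(set)    # pid -> files it wrote (for the dropped-EXE rule)
    for e in events:
        pid = e["pid"]
        if "reg_key" in e and UNINSTALL_KEY.search(e["reg_key"]):
            uninstall_keys[pid].add(e["reg_key"].lower())
        if "file" in e:
            if e.get("op") == "create":
                created_files[pid].add(e["file"].lower())
            elif e.get("op") == "read":
                if CRED_STORE.search(e["file"]):
                    hits[pid].add("browser_credential_store_access")
                m = DRIVE_ROOT.match(e["file"])
                if m and m.group(1).upper() != "C":
                    hits[pid].add("enumerates_connected_drives")
        # dropped EXE: the child image is a file this same process wrote earlier
        if "child" in e and e["child"].lower() in created_files[pid]:
            hits[pid].add("executes_dropped_exe")
        if "dest_host" in e and e["dest_host"].lower() in IP_LOOKUP_HOSTS:
            hits[pid].add("external_ip_lookup")
    # One Uninstall lookup is routine (Explorer, installers); flag processes that
    # walk several distinct entries, which is what software enumeration looks like.
    for pid, keys in uninstall_keys.items():
        if len(keys) >= 2:
            hits[pid].add("enumerates_installed_software")
    return {pid: sorted(sigs) for pid, sigs in hits.items()}


if __name__ == "__main__":
    for pid, sigs in sorted(triage(EVENTS).items()):
        print(pid, ", ".join(sigs))
```

The dropped-EXE rule deliberately keys on the parent that wrote the file rather than on the child, so the parent and the payload each carry their own findings; the threshold of two Uninstall entries is a tuning knob, since a single lookup is common in benign software.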
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 1
  - Credentials In Files (T1552.001): 1