General
Target: FTA RansomWare _v1.exe
Size: 1.0MB
Sample: 240918-y27lvssbjl
MD5: eb3c187ffa93148e3c46c4a13e5087c0
SHA1: 3119ee5b8495efcb7ad9bc2e828679cb2abc339b
SHA256: 9de94be52e669684a401810dd255cfc34ca25f91432086e755f785acee789517
SHA512: 5006b26482fcf83a36c167a1f1ee60b46e0d59dea2d31700baa14e362b44949fac7f4f47a776d3a7f082c0186ba7f076b9693f01c00a92e37a2c5b061a23c922
SSDEEP: 12288:s81lcRX7J1Ote+HfKst1I0OaLU2oUefp6WnbmgM4nPllwurndV02WC/R:s81lgn0egDiHpnnbmgM4PlbsiJ
Static task: static1
Behavioral task: behavioral1
Sample: FTA RansomWare _v1.exe
Resource: win10v2004-20240802-de
Malware Config
Targets
Target: FTA RansomWare _v1.exe
Score: 9/10
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
- Drops file in Drivers directory
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Drops startup file
- Drops desktop.ini file(s)
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 2
  - Credentials from Web Browsers: 1
  - Windows Credential Manager: 1
- Unsecured Credentials: 1
  - Credentials In Files: 1