General
Target: file.vbs
Size: 850B
Sample: 241001-t9l8nszdlk
MD5: 6553e3495d4377895362f9f61f9618a0
SHA1: 965e721be574c2ed67ba46eed5c80cc405882d45
SHA256: 95a770de9104cd817d59bfb4f58587d0d0f637062e480976fc961492597b220c
SHA512: a060a5b6cbef6583f496e2772b7a83d1d244f35addbbe225cd224e50f32fe0e850b6e689540bb4912d5142206c71442a68e37787d8e354435875deb82f4a4d09
Static task: static1
Behavioral task: behavioral1
Sample: file.vbs
Resource: win11-20240802-en
Malware Config
Targets
-
-
Target
file.vbs
-
Renames multiple (1821) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Possible privilege escalation attempt
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Modifies file permissions
-
Password Policy Discovery
Attempt to access detailed information about the password policy used within an enterprise network.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 2
Credentials from Web Browsers: 1
Windows Credential Manager: 1
Unsecured Credentials: 1
Credentials In Files: 1