General
-
Target
d45c5868411b86f32f702bcf88bf9823a4c45fef8b57f575a498156423a2f9cbN
-
Size
97KB
-
Sample
241002-1mptlsscqe
-
MD5
8a3c76361a4330c28350042b2fe0ea60
-
SHA1
45a77373c154b374aced9e13f86871388c6d6d2a
-
SHA256
d45c5868411b86f32f702bcf88bf9823a4c45fef8b57f575a498156423a2f9cb
-
SHA512
45faa373e1c2af7f58a61f84bdd65489ef2d350b29b732d993fd0060ba3b6e5fe825efb9cb3f413ad6630a56b6d2c4a7bf5b86a1da9e4c14cadcecab4f3cca8f
-
SSDEEP
3072:WB9t0kr4B9t0kr4B9t0kr4B9t0kr4B9t0kr5:w9t1m9t1m9t1m9t1m9t15
Malware Config
Targets
-
-
Target
d45c5868411b86f32f702bcf88bf9823a4c45fef8b57f575a498156423a2f9cbN
-
Size
97KB
-
MD5
8a3c76361a4330c28350042b2fe0ea60
-
SHA1
45a77373c154b374aced9e13f86871388c6d6d2a
-
SHA256
d45c5868411b86f32f702bcf88bf9823a4c45fef8b57f575a498156423a2f9cb
-
SHA512
45faa373e1c2af7f58a61f84bdd65489ef2d350b29b732d993fd0060ba3b6e5fe825efb9cb3f413ad6630a56b6d2c4a7bf5b86a1da9e4c14cadcecab4f3cca8f
-
SSDEEP
3072:WB9t0kr4B9t0kr4B9t0kr4B9t0kr4B9t0kr5:w9t1m9t1m9t1m9t1m9t15
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1