General
-
Target
82a208e77252373007e6f79c762d425880880248d34e296a99403a505b0d1e01N
-
Size
4.4MB
-
Sample
241006-m44gfavdpg
-
MD5
969d8ebe46550d8e17285750ac991920
-
SHA1
8a0a763d10c230d4727b8bc4924b809cadae3b83
-
SHA256
82a208e77252373007e6f79c762d425880880248d34e296a99403a505b0d1e01
-
SHA512
0c60a2989045d853fb73afb00be7af061112d290b33f7355175a3b53a469626fb730e8cac9b7a9c9d2313fdca3d3ef11e15ca079aca909c894bf4f4c61e9100e
-
SSDEEP
6144:w9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9tf:qIIIIIIIIIIIIIIIIIIIIIIIIIIII
Malware Config
Targets
-
-
Target
82a208e77252373007e6f79c762d425880880248d34e296a99403a505b0d1e01N
-
Size
4.4MB
-
MD5
969d8ebe46550d8e17285750ac991920
-
SHA1
8a0a763d10c230d4727b8bc4924b809cadae3b83
-
SHA256
82a208e77252373007e6f79c762d425880880248d34e296a99403a505b0d1e01
-
SHA512
0c60a2989045d853fb73afb00be7af061112d290b33f7355175a3b53a469626fb730e8cac9b7a9c9d2313fdca3d3ef11e15ca079aca909c894bf4f4c61e9100e
-
SSDEEP
6144:w9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9t1m9tf:qIIIIIIIIIIIIIIIIIIIIIIIIIIII
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1