General
-
Target
189d83f3a3c53140731346ff6577aebddebdc8aadbb25a5b8018ee7a3dff2bc8N
-
Size
5.7MB
-
Sample
241013-shqaksxdkn
-
MD5
2423b5caf1e7f6556969ca36485f9900
-
SHA1
599ec61a3ac23ae19fe01e469ec0c5b33bb47a7c
-
SHA256
189d83f3a3c53140731346ff6577aebddebdc8aadbb25a5b8018ee7a3dff2bc8
-
SHA512
5f4cb340691049ff5a3437b8d04c4c9e36a97a4c484a14a970de94aba1c4bd7c7176680cf1cc0c0fd5add5881a92f5eabc8a9aff520b306e7137d873d5a24853
-
SSDEEP
24576:qIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII:
Malware Config
Targets
-
-
Target
189d83f3a3c53140731346ff6577aebddebdc8aadbb25a5b8018ee7a3dff2bc8N
-
Size
5.7MB
-
MD5
2423b5caf1e7f6556969ca36485f9900
-
SHA1
599ec61a3ac23ae19fe01e469ec0c5b33bb47a7c
-
SHA256
189d83f3a3c53140731346ff6577aebddebdc8aadbb25a5b8018ee7a3dff2bc8
-
SHA512
5f4cb340691049ff5a3437b8d04c4c9e36a97a4c484a14a970de94aba1c4bd7c7176680cf1cc0c0fd5add5881a92f5eabc8a9aff520b306e7137d873d5a24853
-
SSDEEP
24576:qIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII:
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1