General
Target: cred.dll
Size: 1.0MB
Sample: 241105-ksq1vsyfpr
MD5: 921b0badeaffee860310e6755769337e
SHA1: cfe2dfe5f457383e1723e4423e78620cc9fa8f91
SHA256: c9914b4ab252e782b73ab0a3efad386444ba8a8059167adcb0675968da2df36f
SHA512: 2035442326a8e1f9733fef189cd135ce7b2dd22deda62d74e99ffd7eb83413487b91d72dba47f5512e4adcd45998ff5680a4b75342bba4c43d34186eacce1120
SSDEEP: 24576:KNFxrUgNQWcPb72kXGWjVcwBlTd8DKT/VSMsCdTzHpgaym9:KNFxogmf2scG1Tzcm9
Behavioral task: behavioral1
Sample: cred.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: cred.dll
Resource: win10v2004-20241007-en
Malware Config
Extracted
amadey
5.03
6305e7
http://185.215.113.217
strings_key: d8908af61183845bc93b283be7b75129
url_paths: /CoreOPT/index.php
Targets
Target: cred.dll
Blocklisted process makes network request

Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (4)
Credentials In Files (3)
Credentials in Registry (1)