General
-
Target
g4123.msi
-
Size
10.9MB
-
Sample
241125-3nx8gsyrbr
-
MD5
f14d4e129dc0ea8d968316df9c18995c
-
SHA1
d679be9a4b62cc5a560c641a09dc4fe2b668f261
-
SHA256
f59e59f5d7c313a059ec3adac4326d06cf039ac449deebec30b39fbe9fe1f1f1
-
SHA512
f6b02bed62191dd59eb52fbf9267c9a848e03dd020072e8e12688ca83cf3efb487f828de4b0e2302f6f8d8fcfc7575eebfa2379e47fa203787911173aeb9e1ce
-
SSDEEP
196608:68aXjDEAkJVjG2lnKOHCe0BvxJ4uY+QkHyxomkJiEBLS6A4p6625d0XL:+XPEzVjG2oICvBJJ4uckIomIa41XL
Malware Config
Targets
-
-
Target
g4123.msi
-
Size
10.9MB
-
MD5
f14d4e129dc0ea8d968316df9c18995c
-
SHA1
d679be9a4b62cc5a560c641a09dc4fe2b668f261
-
SHA256
f59e59f5d7c313a059ec3adac4326d06cf039ac449deebec30b39fbe9fe1f1f1
-
SHA512
f6b02bed62191dd59eb52fbf9267c9a848e03dd020072e8e12688ca83cf3efb487f828de4b0e2302f6f8d8fcfc7575eebfa2379e47fa203787911173aeb9e1ce
-
SSDEEP
196608:68aXjDEAkJVjG2lnKOHCe0BvxJ4uY+QkHyxomkJiEBLS6A4p6625d0XL:+XPEzVjG2oICvBJJ4uckIomIa41XL
Score7/10-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Accesses Microsoft Outlook profiles
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1