Extracted

• • Target

    b91a3743c7399aee454491862e015ef6fc668a25d1aa2816e065a86a03f6be35.exe

  • Size

    1.2MB

  • MD5

    c6aabb27450f1a9939a417e86bf53217

  • SHA1

    b8ef3bb7575139fd6997379415d7119e452b5fc4

  • SHA256

    b91a3743c7399aee454491862e015ef6fc668a25d1aa2816e065a86a03f6be35

  • SHA512

    e5fe205cb0f419e0a320488d6fa4a70e5ed58f25b570b41412ebd4f32bbe504ff75acb20bfea22513102630cf653a41e5090051f20af2ed3aadb53ce16a05944

  • SSDEEP

    24576:BO//kL3TtMhQsnoXyajMK8fCZEqcAxQBuLv8YPKpTG:z3pMhQzRM3MfcAxHv8t

  Score

  8^/10

  credential_accessdiscoveryexecutionpersistenceprivilege_escalationspywarestealer

  • Blocklisted process makes network request

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer
  behavioral1behavioral2