General
-
Target
cred64.dll.exe
-
Size
1.2MB
-
Sample
241218-mhntvswncm
-
MD5
6f25f0506bf49fe7f35686ed1f8fef4a
-
SHA1
e5596d4c2b924bc93755558e447d1a04d19efdfe
-
SHA256
532182c6dcf52d5ce0bc271e94b13e83019fd8d09afdc5e68d985a092b250203
-
SHA512
5d93f84c6d80430ee853e7ef20cce4235effc1ba49f860c358c16eaad1c762e74b67dd9aa4c7e1996b38da07c2c601ebdcaf8dba9d4b594c19b92db589ec18ae
-
SSDEEP
24576:Usd+7fzBMqZjh2sntUcCy8LfunZzW8IFHcDVh1QhHAO:U3BHjh2OZ80ZzHIF85L
Malware Config
Extracted
amadey
5.04
4bee07
http://185.215.113.209
-
strings_key
191655f008adc880f91bfc85bc56db54
-
url_paths
/Fru7Nk9/index.php
Targets
-
-
Target
cred64.dll.exe
-
Size
1.2MB
-
MD5
6f25f0506bf49fe7f35686ed1f8fef4a
-
SHA1
e5596d4c2b924bc93755558e447d1a04d19efdfe
-
SHA256
532182c6dcf52d5ce0bc271e94b13e83019fd8d09afdc5e68d985a092b250203
-
SHA512
5d93f84c6d80430ee853e7ef20cce4235effc1ba49f860c358c16eaad1c762e74b67dd9aa4c7e1996b38da07c2c601ebdcaf8dba9d4b594c19b92db589ec18ae
-
SSDEEP
24576:Usd+7fzBMqZjh2sntUcCy8LfunZzW8IFHcDVh1QhHAO:U3BHjh2OZ80ZzHIF85L
Score8/10-
Blocklisted process makes network request
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1