General
Target: winAPI.dll
Size: 45.7MB
Sample: 250115-v5xpaazkbs
MD5: 4b48fc5056eb12d35cb7f7d4de75903b
SHA1: 3aafda02a78507719b38d88900160d734307e697
SHA256: b4244a5e44a39ed6cba73f5b93530186b2286fbdaa3447ea5f2bdcc2efc793d5
SHA512: f3d611d52c329ebbd82c98978d31a3486e1b7c3787a9ecc4328fde562be428e1f40e45b44830c21bdbe55606d10fb2ed4f137fc7e7bee88389684ad540f85a40
SSDEEP: 393216:51Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYf7:5Mguj8Q4VfvZqFTrYsSStr
Static task: static1
Behavioral task: behavioral1
Sample: winAPI.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: winAPI.dll
Signatures
Uses browser remote debugging
Can be used to control the browser and steal sensitive information such as credentials and session cookies.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
Accesses cryptocurrency files/wallets, possible credential harvesting
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (2)
    Credentials from Web Browsers (1)
    Windows Credential Manager (1)
  Modify Authentication Process (1)
  Steal Web Session Cookie (1)
  Unsecured Credentials (4)
    Credentials In Files (4)