Resubmissions
01/03/2025, 12:05
250301-n9ewpszxft 1001/03/2025, 12:02
250301-n7vjda1mv9 801/03/2025, 12:00
250301-n6askszwhw 1001/03/2025, 11:57
250301-n4qe9a1lw5 801/03/2025, 11:54
250301-n246mazwby 801/03/2025, 11:51
250301-n1j43a1kx6 1001/03/2025, 11:48
250301-nyxmda1kt4 601/03/2025, 11:46
250301-nxbzaa1jz4 10General
-
Target
https://github.com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware/GoldenEye
-
Sample
250301-nxbzaa1jz4
Malware Config
Targets
-
-
Target
https://github.com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware/GoldenEye
Score10/10-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Mimikatz family
-
mimikatz is an open source tool to dump credentials on Windows
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1