0.0.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.400000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x700:$s3: 83 EC 38 53 B0 3D 88 44 24 2B 88 44 24 2F B0 E8 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1e9d0:$s5: delete[]
- 0x1de88:$s6: constructor or from DllMain.
|
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.400000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | - 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
- 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
- 0x700:$s3: 83 EC 38 53 B0 3D 88 44 24 2B 88 44 24 2F B0 E8 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
- 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
- 0x1e9d0:$s5: delete[]
- 0x1de88:$s6: constructor or from DllMain.
|
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610000.4.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610000.4.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610000.4.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610000.4.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3de55:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3dec7:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3df51:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3dfe3:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3e04d:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3e0bf:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3e155:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3e1e5:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.50e0000.5.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.50e0000.5.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.50e0000.5.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.50e0000.5.raw.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3ed6d:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3eddf:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3ee69:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3eefb:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3ef65:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3efd7:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3f06d:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3f0fd:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.50e0000.5.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.50e0000.5.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.50e0000.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.50e0000.5.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3cf6d:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3cfdf:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3d069:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3d0fb:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3d165:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3d1d7:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3d26d:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3d2fd:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610000.4.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610000.4.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610000.4.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610000.4.raw.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3fc55:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3fcc7:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3fd51:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3fde3:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3fe4d:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3febf:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3ff55:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3ffe5:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229ec5e.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229ec5e.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229ec5e.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229ec5e.1.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3de55:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3dec7:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3df51:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3dfe3:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3e04d:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3e0bf:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3e155:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3e1e5:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229fb46.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229fb46.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229fb46.2.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229fb46.2.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3cf6d:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3cfdf:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3d069:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3d0fb:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3d165:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3d1d7:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3d26d:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3d2fd:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229fb46.2.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229fb46.2.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229fb46.2.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229fb46.2.raw.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3ed6d:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3eddf:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3ee69:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3eefb:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3ef65:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3efd7:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3f06d:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3f0fd:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610ee8.3.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610ee8.3.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610ee8.3.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610ee8.3.raw.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3ed6d:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3eddf:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3ee69:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3eefb:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3ef65:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3efd7:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3f06d:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3f0fd:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.3.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.4e96e0.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.3.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.4e96e0.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.3.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.4e96e0.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.3.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.4e96e0.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3cf6d:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3cfdf:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3d069:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3d0fb:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3d165:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3d1d7:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3d26d:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3d2fd:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610ee8.3.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610ee8.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610ee8.3.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.3.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.4e96e0.0.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229ec5e.1.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229ec5e.1.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229ec5e.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.2610ee8.3.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3cf6d:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3cfdf:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3d069:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3d0fb:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3d165:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3d1d7:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3d26d:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3d2fd:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.3.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.4e96e0.0.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
0.3.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.4e96e0.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
0.2.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.229ec5e.1.raw.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3fc55:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3fcc7:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3fd51:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3fde3:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3fe4d:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3febf:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3ff55:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3ffe5:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|
0.3.c2e57fb2b8206bd9b5d05d8a9b0d2e78082dd303ee6364b288d568fcd48900f7_dump.exe.4e96e0.0.raw.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | - 0x3ed6d:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
- 0x3eddf:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
- 0x3ee69:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
- 0x3eefb:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
- 0x3ef65:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
- 0x3efd7:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
- 0x3f06d:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
- 0x3f0fd:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
|