Malware Analysis | Google Chrome Password Stealer

========= LINKS =========
Twitter: https://twitter.com/kindredsec
Twitch: https://www.twitch.tv/kindredsec
Blog: https://kindredsec.com
Discord: https://discord.gg/CCZCJCu
GitHub: https://github.com/itsKindred

Link to Sample: https://github.com/itsKindred/malware-samples/blob/master/powershell/chrome_password_stealer.ps1
Code snippet showing how to extract Chrome credentials: https://github.com/darkarp/chromepass/blob/master/create_server.py#L212

========= DESCRIPTION =========
In this video, we analyze a super simple malware sample designed to extract and send stored Google Chrome passwords over email. The sample consists of three “components”: the initial dropper, a PowerShell script to send off the stolen data via email, and a binary that actually extracts the Chrome passwords. We spend about half of the video diving into the PowerShell code itself statically, and the other half running the sample and watching how it goes about grabbing the stored passwords. This will likely be the last PowerShell sample I do for some time; if there are any samples you want me to take a look at, feel free to reach out to me on Twitter.

========= TIMESTAMPS =========
00:00:00 – Introduction
00:01:07 – Deconstructing initial stage (batch)
00:02:40 – Start of analysis of main script (PowerShell)
00:05:30 – Checking out SMTP email behavior in script
00:13:00 – Manually grabbing the binary downloaded by posh script
00:14:19 – Light analysis of strings contained in the binary
00:18:55 – Start of dynamic analysis of binary on Windows VM
00:21:23 – First run of binary
00:23:44 – Seeing Chrome Login Data interaction
00:26:18 – Installing Chrome, saving credentials to give the PE something to work with
00:28:35 – Verifying where Chrome saved passwords are stored
00:29:52 – Running the binary again

========= HASHES =========
f7bbdc9fe9307ec1301bf8d3d26ea9f0 initial_stage.bat
e424f340199d74ff11d0257e95f4b575 run_and_send.ps1
6835bbe61c5ddffc01942204d281b1fc cpv.exe
