malware
Behaviour expectations
The malware saves the three registry hives SAM, SECURITY and SYSTEM to the %temp% folder as .save files (sam.save, security.save and system.save). It then runs dump.exe, which it extracted from its own resource section and wrote to the same temp folder, against those three hive files. On execution a new file, hash.txt, is created in the %temp% folder containing the password hashes of the local users.
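The behaviour above gives a defender a concrete set of on-disk indicators: the three hive dumps, the dropped dump.exe and the hash.txt output, all in %temp%. The script below is an added triage example, not part of this project; it only assumes the file names stated in the description and checks whether they are present in a directory (defaulting to the user's temp folder), reporting size and SHA-256 for anything found so an analyst can record it.

```python
import hashlib
import os
from pathlib import Path

# Artifacts the behaviour description says the sample leaves in %temp%
# (file names taken from the project README; nothing else is assumed).
EXPECTED_ARTIFACTS = ("sam.save", "security.save", "system.save", "dump.exe", "hash.txt")
HIVE_DUMPS = ("sam.save", "security.save", "system.save")


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so a large hive is not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_artifacts(directory):
    """Return {name: {"size": bytes, "sha256": hex}} for each expected artifact present."""
    base = Path(directory)
    found = {}
    for name in EXPECTED_ARTIFACTS:
        candidate = base / name
        if candidate.is_file():
            found[name] = {"size": candidate.stat().st_size, "sha256": sha256_of(candidate)}
    return found


def triage(directory=None):
    """Summarise which indicators are present; defaults to the user's temp folder."""
    base = directory or os.environ.get("TEMP") or os.environ.get("TMPDIR") or "/tmp"
    found = find_artifacts(base)
    hives_present = [name for name in HIVE_DUMPS if name in found]
    return {
        "directory": str(base),
        "found": found,
        "hives_present": hives_present,
        # All three hives together is the strongest signal that a full dump ran.
        "full_hive_set": len(hives_present) == len(HIVE_DUMPS),
        "hash_output_present": "hash.txt" in found,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

Run it as-is on a host to check the current user's temp folder, or pass a directory path to triage() when working from a collected image; a result with full_hive_set true and hash.txt present matches the end state described above.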
How to open
- Clone the repository to local host
- Open Visual Studio 2019
- Navigate to File -> Open -> Project/Solution
- Choose the CSS579.sln file
How to build
- Set the project to Debug x86 mode
- Navigate to Build -> Build Solution
- Open the root folder of the project
- Under the Debug folder you will find the built exe
How to run
- Download the binary from the GitHub release or build your own from source
- Open a command prompt (cmd) with administrator privileges
- Navigate to exe directory or drag the exe to the cmd window
- Execute the exe
> malware.exe
How to run secretsdump
- Open a command prompt with administrator privileges and run secretsdump.exe
- Append the following flags:
> secretsdump.exe -sam sam.save -security security.save -system system.save LOCAL
- This should then print out the hashes
- To obtain the three files (sam.save, security.save and system.save), run the exe that you built