Esentutl Steals Browser Information (6a69f62d-ce75-4b57-8dce-6351eb55b362)
One way Qbot steals sensitive information is by using the built-in utility esentutl.exe to extract browser data from Internet Explorer and Microsoft Edge.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Esentutl Steals Browser Information (6a69f62d-ce75-4b57-8dce-6351eb55b362) | Sigma-Rules | Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | 1 |