Hdump
Description
(Palo Alto) The threat actor deployed and used Hdump.exe (renamed h64.exe), a credential-stealing utility that researchers have observed Chinese threat actors using. The threat actors used Hdump to dump credentials from memory using the -a (dump all) flag.
Names
| Name |
|---|
| Hdump |
Category
Malware
Type
- Credential stealer
Information
- https://unit42.paloaltonetworks.com/stately-taurus-attacks-se-asian-government/
- https://valhalla.nextron-systems.com/info/rule/Winnti_APT_Hdump_Tool
Other Information
Uuid
82482189-4a8a-4419-873f-457067b94c56
Last Card Change
2023-10-12