prompt user for credentials

edit on GitHub
search on VirusTotal

# generated using capa explorer for IDA Pro
rule:
  meta:
    name: prompt user for credentials
    namespace: collection/credentials
    authors:
      - michael.hunhoff@mandiant.com
    scopes:
      static: function
      dynamic: thread
    references:
      - https://www.ired.team/offensive-security/credential-access-and-credential-dumping/credentials-collection-via-creduipromptforcredentials
  features:
    - and:
      - or:
        - api: credui.CredUIPromptForCredentials
        - api: credui.CredUIPromptForWindowsCredentials
      - optional:
        - api: credui.CredUnPackAuthenticationBuffer # unpack credentials for collection

last edited: 2023-11-24 10:34:28